Analecta Cyber Company Blog: Biggest free web hosting company hacked

2015-11-23

Biggest free web hosting company hacked

The personal records of more than 13.5 million 000Webhost customers have been compromised since March 2015, according to a recent report by Forbes.



The company, recognized as the world’s most popular free web hosting service, adds a significant number to the long list of victims of anonymous hackers this year alone. The breach exposed the usernames, plain-text passwords, email addresses, IP addresses and last names of roughly 13.5 million of 000Webhost's customers.

The hosting company has acknowledged the major data breach and posted a statement on its official Facebook page confirming that the database on its main server was hacked.

The company’s own investigation found that the hacker exploited a vulnerability in an old PHP version to upload some files, which gave them access to the system. The company also expressed concern that the leaked client information may lead to identity theft, financial damage and more. The incident could also severely damage the company's reputation and cost it customer trust.

An Australian security researcher received the data from an anonymous source and confirmed that the breach was legitimate. Together with a Forbes journalist, he warned the company of the impending breach, but the company repeatedly ignored them.

Worse, the web hosting company did not even follow fundamental, standard security practices to protect its customers. The researcher then suggested that the company’s users be notified of the incident immediately.

The 000webhost.com website is temporarily down. As an immediate “cure”, the company implemented encryption and changed all customers' passwords to random values. Users need to follow the password reset process to generate a new password for their accounts.