13 Million Passwords Taken in Web Host Data Breach

October 29, 2015, Written By Natalie Rutledge

The usernames, email addresses and passwords of 13.5 million accounts were stolen from 000webhost, a Lithuania-based web hosting company.

The company admitted to the breach on its Facebook page.

In the statement, the company said, “We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version of the website gaining access to our systems, exposing more than 13.5 Million of our customers’ personal records. The stolen data includes usernames, passwords, email addresses, IP addresses and names.”

To resolve the issue, 000webhost said, “We are still working 24/7 in order to identify and eliminate all security flaws. Additionally, we are working on upgrading all of our systems… in an effort to protect our users we have temporarily blocked all access to systems affected by this security flaw. We will re-enable access to affected systems after an investigation and once all security issues have been resolved.”

Forbes discovered the breach when an anonymous source contacted Troy Hunt, a cybersecurity professional and owner of the website haveibeenpwned.com, which gives users the ability to see if their email addresses have been compromised in a breach.

While it is unclear how the breach was accomplished, some think 000webhost did not have strong enough security measures.

“I never cease to be amazed at just how badly wrong an organization can get security. It was only this week we learned of the TalkTalk attack having been carried out by a 15-year-old using free tools,” Hunt said in an interview. “Now we’re seeing how 000webhost stored over 13 million passwords in plain text, which is simply unforgivable.”

On its Facebook page, the company promised it is working with law enforcement officials to uncover the source of the breach.
