000webhost - Important information regarding recent security breach

Discussion in 'BlackHat Lounge' started by Hawkster, Oct 31, 2015.

  1. Hawkster

    Not sure why I got this email - pretty sure I never used them lol but thought I would share here.

    What happened?

    A hacker used an exploit in an old PHP version, that we were using on our website, in order to gain access to our systems. Data that has been stolen includes usernames, passwords, email addresses, IP addresses and names.

    Although the whole database has been compromised, we are mostly concerned about the leaked client information.

    What did we do about it?

    We have been aware of this issue since 27th of October and our team started to troubleshoot and resolve this issue the same day, immediately after becoming aware of this issue.

    In an effort to protect our users we have temporarily blocked access to systems affected by this security flaw. We will re-enable access to the affected systems after an investigation and once all security issues have been resolved. Affected systems include our website and our members area.

    Additionally we have temporarily blocked FTP access, as FTP passwords have been stolen as well.

    We reset all users' passwords in our systems and increased the level of encryption to prevent such issues in the future.

    We are still working around the clock to identify and eliminate all security flaws. We will get back to providing the free service soon. We are also updating and patching our systems.

    What do you need to do?

    As all the passwords have been changed to random values, you now need to reset them when the service goes live again.

    DO NOT USE YOUR PREVIOUS PASSWORD.

    PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD FOR OTHER SERVICES.

    We also recommend that you use Two Factor Authentication (TFA) and a different password for every service whenever possible. We can recommend the Authy authenticator app and the LastPass password manager.

    We are sorry

    At 000webhost we are committed to protecting user information and our systems. We are sorry and sincerely apologize we didn't manage to live up to that.

    At 000webhost our top priority remains the same - to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together.
    Our leadership team will closely monitor this issue and will do everything possible to earn your trust every day.

    Sincerely,
    000webhost CEO,
    Arnas Stuopelis
     
  2. amoon

    I read the article on FORBES.COM ... and the writer of that article gives readers a bad review of the company
     
  3. amoon

  4. danixD

    Received the same email
     
  5. cottonwolf

  6. SlipAnc

    I regret using this crap a few years ago.
     