Security researcher Troy Hunt, who owns the website haveibeenpwned, has discovered a possible breach of the servers of web hosting service 000Webhost.
Hunt’s site provides information on whether a user’s data has ever been breached online. An unknown user recently contacted the researcher and told him about a data breach resulting from an attack on a 000Webhost server.
The researcher then contacted some other users in the list of breached accounts and, bingo, everything matched! From this the researcher concluded that 000Webhost servers were breached 5 months back, and this wasn’t a small breach by any means. But well before Hunt could confirm the breach, we at HackRead had already been tagged by the hacker in a tweet about it.
The breach has exposed the data of over 13 million users, including their names, email addresses and account passwords.
000Webhost is a free hosting service that doesn’t have any encryption in the login area. Furthermore, it sends users their password in plain text by email when they sign up.
After the researcher exposed this hack, the hosting service posted a status update that said:
“A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information”.
After the breach, all the pages that contained user passwords were deleted and passwords were reset.
The researcher believes the hack might have been carried out through an SQL injection exploit, which is a common method of exploiting sites that aren’t encrypted properly.
So, if you are a user of 000Webhost, change your passwords as soon as possible, and even if you are using any other free hosting provider, you must have a strong password so that it doesn’t get hacked easily.
As far as the hacker’s ethnicity is concerned, he is an Arabic speaker who has hacked several other websites in the past.