Usernames, emails, first names and IP addresses have been breached at web hosting provider and internet domain company Hostinger International, affecting a possible 14 million customers.
The company said it has reset user passwords as a “precautionary measure” after it detected unauthorised access to a database containing sensitive information.
Hackers breached its internal system API and gained access to data of the Lithuanian company.
Hostinger was founded in 2004 and markets itself as a digital backbone for small and medium websites. The company has more than 29 million customers on its books.
In a blog post, the company said that it received an alert on 23 August that someone had accessed one of its servers.
It said: “This server contained an authorisation token, which was used to obtain further access and escalate privileges to our system RESTful API Server.
“This API Server is used to query the details about our clients and their accounts.“
Access token
Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database.
That database contained customer usernames, email addresses and passwords scrambled with the SHA-1 algorithm, which has been deprecated in favour of stronger algorithms after researchers found SHA-1 was vulnerable to spoofing. The company has since upgraded its password hashing to the stronger SHA-2 algorithm.
Financial data
No financial data is thought to have been affected as Hostinger outsources financial transactions to third-party payment providers.
Hostinger Client accounts and data stored on those accounts were also apparently not affected by the breach.
The company said it was “in contact with the respective authorities, hardened server and network settings and “restricted the vulnerable system” such that “access is no longer available.”
On their website, the company boast that they are “A pioneer in world-class web hosting”
And: “Over 29 million happy users in 178 countries are able to enjoy our world class website hosting platform. We receive over 15K new sign-ups every day, that’s 1 new client every 5 seconds! We constantly improve and grow to help you be successful.”