Hostinger resets customers' passwords due to a security breach

The web hosting company Hostinger revealed that it had been the victim of a security breach that affected both its platform and its users.

The company revealed in a blog post that an attacker had accessed an internal server, where they discovered a token for an internal API. The attacker used it to make "API calls that affect customer information."

According to Hostinger, the hacker made API calls to a database containing the personal information of approximately 14 million customers, including their usernames, IP addresses, first and last names, as well as contact information such as their phone numbers, email addresses and personal addresses. Users' password information was also stored in the database, but luckily it was in hashed format.

After the security incident, Hostinger decided to force a password reset for all users whose accounts had been affected, while the company tried to determine which of its customers were concerned.

Security breach

The hacker did not obtain any financial data and was unable to compromise customer sites, according to Hostinger.

As a result of the security breach, the company has created a status page where customers can see the latest updates on the scope of the incident. Hostinger also said that the affected server and API had been taken down.

The company provided additional information on the actions taken as a result of the security breach in a blog post, stating:

"After the incident, we identified the source of the unauthorized access and took the necessary measures to protect our clients' data, including mandatory password reset and our clients' security systems. Our entire infrastructure. In addition, we assembled a team of internal and external forensic experts and data specialists to investigate the origin of the incident and strengthen the security measures of all Hostinger operations. In accordance with the law, we are already in contact with the authorities."

Via ZDNet