Hostinger, a web hosting company has reset the username and passwords of all the users as a precautionary measure. This happened after the company recognized someone accessing the database without authorization. Some millions of customers data is present in that database.
According to the reports this breach happened on Thursday last week. The company said in a press release that it received alerts stating that one of its servers is not working properly. The hackers logged into the websites with the help of access tokens. As they are using the access tokens, they didn’t need any username or password to login to the database. The hacker was able to access the company database with the help of this token.
Hostinger To Replace SHA-1 Algorithm
The database that hackers gained access to contain all the details regarding the username, passwords of customers. The encryption format company uses is SHA-1 algorithm. Now, the company replaced this algorithm after understanding how vulnerable it is. The password, username and other data is upgraded to SHA-2 algorithm which is even more powerful. The API database has 14 million customer records with them and there are more than 29 million customer details on books.
All the affected customers have already received a mail with all the details regarding resetting the username, password. The company ensured that none of the financial details or website details of the users is out yet. However, one of the customers accused the company about misleading information regarding the breach.
The customer told that API stores the payment information of customers too but the company denied it. It stated that the customers opt for various kinds of payment platforms and they do not let the details of customers get out. The company ensured that none of the customer details is breached at all.