
000webhost hacked, 13M credentials leaked in plain text and circulating

5 replies to this topic

#1 Aura
    Bleepin' Special Ops
  • Malware Response Team

Posted 28 October 2015 - 02:43 PM

Every now and then, I get someone contacting me like this:

Hey, approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password


Now this puts me in an awkward position. On the one hand, the data would obviously be a good addition to HIBP and the people impacted would really want to know about it. On the other hand, by no means do I want HIBP to be thought of as a disclosure channel. In fact, what I normally say to anyone sending me this info is that unless it's been publicly documented somewhere, I don't want a bar of it.

However, a number of things made this incident a bit unique. Firstly, the guy (and that's usually a safe assumption when it comes to this sort of thing) had already given me the data and it only took one glance to see that yes, it was indeed plain text passwords. He was also correct in saying it was 13M records; in fact it was a little bit more than that. It was very apparent that if this was legitimate, it was indeed a very serious data breach and one that had the potential to impact a very large number of people. So I did a bit of research.


Source: http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html

Oh boy, 000webhost messed up royally handling that one. I suggest to everyone who's using 000webhost to change all your passwords right now, and also change the passwords on your other accounts if you use the same. Also, seeing how 000webhost is currently handling that situation, I would be tempted to tell you to stop using their service and move to a more secure and reliable provider.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#2 Allen
  • Members

Posted 28 October 2015 - 05:19 PM

Good thing I stopped using that joke of a host 6 years ago :\


Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#3 Aura
    Bleepin' Special Ops
  • Topic Starter
  • Malware Response Team

Posted 30 October 2015 - 09:34 AM

000webhost hacked, 13 million customers exposed

"We apologize for this hassle but it has to be done to ensure your data is safe. We are going to upgrade our systems step by step and will be aiming to be super-careful in future," the 000webhost team says.


Enforcing HTTPS on the login page would be a good start.



#4 irvin_than_allyl
  • Members

Posted 30 October 2015 - 10:49 AM

I think we're in the age where low hanging fruit is getting picked left and right. Unfortunately so many people rely on that fruit and don't know it's no good.



#5 Eugenije
  • Members

Posted 30 October 2015 - 05:53 PM

On https://haveibeenpwned.com/ you can check if your email is in the leaked DB or not.

Mine certainly was there so, yeah, gotta change a couple of passwords.

Seriously? Store passwords as plain text?!
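To make the point in the post concrete, here is an added example (not code from the thread, from 000webhost, or from HIBP) that puts a plaintext credential row beside a salted PBKDF2-HMAC-SHA256 store-and-verify, using only the Python standard library; the hypothetical sample user and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample: a plaintext row as leaked. The dump *is* the password.
PLAINTEXT_ROW = {"email": "user@example.com", "password": "hunter2"}

# Assumption: iteration count chosen as a modern default; raise as hardware improves.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage.

    A fresh random salt per user means two users with the same password get
    different stored values, so a leaked table cannot be cracked in bulk with
    one precomputed table.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed or unknown record format
    if algo != "pbkdf2_sha256" or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), hash_hex)


def store_user(email: str, password: str) -> dict:
    """What the row should look like: the password itself is never written."""
    return {"email": email, "password_hash": hash_password(password)}


def row_exposes_password(row: dict, password: str) -> bool:
    """True if any stored field contains the password verbatim (the 000webhost case)."""
    return any(password in str(v) for v in row.values())
```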



#6 Aura
    Bleepin' Special Ops
  • Topic Starter
  • Malware Response Team

Posted 01 November 2015 - 11:41 AM

As the days pass by, the blows get stronger.

There's no room in authentication for amateurs
