- Jun 9, 2013
- 6,720
- Content source
- http://www.net-security.org/secworld.php?id=19041
000webhost, a popular free web hosting service, has suffered a data breach that resulted in the compromise of the name, email address and plaintext password of some 13 million of its customers.
The compromise was publicly disclosed on Wednesday by Troy Hunt, a Microsoft MVP for Developer Security and the creator and administrator of the Have I been pwned? service, where users can check whether their personal data has been leaked somewhere on the web.
He initially got the information about the breach from an anonymous tipster, who pointed him towards the database containing the compromised info.
He immediately started to analyze it, trying to discover whether the information in the database is legitimate. After having had many problems in trying to get in touch with someone at 000webhost who could help him, he made a public plea on Twitter, asking 000webhost users for help.
A few got in touch and confirmed that their email address and password are among the ones in the database.
After news about the possible breach started circulating, another tipster got in touch saying that "The database is selling for upwards of $2,000 right now, I can't understand which moron would be considering giving you a copy for free when people can make some serious money from this database."
Full article. Hackers put up for sale 13 million plaintext passwords stolen from 000webhost
The compromise was publicly disclosed on Wednesday by Troy Hunt, a Microsoft MVP for Developer Security and the creator and administrator of the Have I been pwned? service, where users can check whether their personal data has been leaked somewhere on the web.
He initially got the information about the breach from an anonymous tipster, who pointed him towards the database containing the compromised info.
He immediately started to analyze it, trying to discover whether the information in the database is legitimate. After having had many problems in trying to get in touch with someone at 000webhost who could help him, he made a public plea on Twitter, asking 000webhost users for help.
A few got in touch and confirmed that their email address and password are among the ones in the database.
After news about the possible breach started circulating, another tipster got in touch saying that "The database is selling for upwards of $2,000 right now, I can't understand which moron would be considering giving you a copy for free when people can make some serious money from this database."
Full article. Hackers put up for sale 13 million plaintext passwords stolen from 000webhost