Web hosting provider Hostinger has suffered a massive cyber breach. The attack has forced the company to reset the passwords of more than 14 million customers, approximately half of its total customers.
The company has revealed that “an unauthorized third party” breached one of its servers. This allowed the attackers to gain access to hashed passwords as well as other non-financial data associated with millions of its customers.
The security breach is estimated to have occurred on 23rd August, when unknown hackers found an authorization token on one of the company's servers. They then used it to gain access to an internal system API without needing a username and password.
Once the breach was discovered, the company restricted its vulnerable system, denied this access, and contacted the concerned authorities.
The API database holds the personal information of approximately 14 million customers, including usernames, hashed passwords, emails, first names and IP addresses, all of which were accessed by the hackers.
Why did Hostinger become the victim of such a huge cyber breach?
The company allegedly used the weak SHA-1 hashing algorithm to scramble Hostinger client passwords. It also does not have two-factor authentication for customers’ accounts.
What is Hostinger doing to cope with the situation?
The company has reset every Hostinger Client login password using the SHA-2 algorithm. It has sent password recovery emails to each affected customer.
The company has urged its customers to set a strong and unique password.
Customers have been advised to remain cautious of suspicious emails that ask them to either click on the links or download attachments.
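The move from SHA-1 to SHA-2 with a forced reset, described above, can be sketched as follows. This is an added example, not Hostinger's code: the page states only that SHA-2 was used, so PBKDF2-HMAC-SHA256 (a salted, iterated construction built on SHA-2), the record format, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha1(password):
    """Unsalted SHA-1 hex digest: the weak scheme being migrated away from."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Build a record of the form scheme$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def is_legacy(record):
    """A bare 40-character hex string is treated as a legacy SHA-1 digest."""
    return len(record) == 40 and all(c in "0123456789abcdef" for c in record.lower())


def verify(password, record):
    """Return 'ok', 'bad', or 'reset_required' for legacy records."""
    if is_legacy(record):
        return "reset_required"  # never authenticate against exposed SHA-1 digests
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return "bad"
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return "bad"  # malformed record
    # Constant-time comparison avoids leaking how many bytes matched.
    return "ok" if hmac.compare_digest(candidate, expected) else "bad"


def complete_reset(store, user, new_password):
    """Replace whatever was stored with a salted, iterated SHA-2 based record."""
    store[user] = hash_password(new_password)


# Constructed sample store: two users who chose the same password.
STORE = {"alice": legacy_sha1("Summer2019!"), "bob": legacy_sha1("Summer2019!")}
```

With unsalted SHA-1 the two sample users share one digest, so a single cracked value exposes both accounts; after the reset each record carries its own salt and the digests differ even for identical passwords.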
How to Prevent Such a Cyber Breach?
Cyber security firms like Threatcop ensure that employees within the organization are prepared to understand various attacks. This is done through Threatcop’s flagship product, TSAT.
TSAT’s four-step attack simulator and awareness cycle ensures that employees can not only identify various attack methodologies that lead to such breaches but also learn about them. This is done with the help of customized learning awareness modules that include newsletters, advisories, case studies, etc.
To increase retention of the accumulated knowledge, employees are presented with assessments. The last step of the cycle is a simulated attack that completes the cycle of employee awareness training.