Data breach of Hostinger exposes 14 million users

News by Bradley Barth

A data breach at internet domain registrar Hostinger exposed data of roughly 14 million users, including their usernames, emails, first names and IP addresses

Web hosting provider and internet domain registrar Hostinger International has disclosed that an unauthorised third party has breached its internal system API and gained access to data belonging to roughly 14 million users.

In a blog post announcement, the company said that it received an alert on 23 August that someone had accessed one of its servers. "This server contained an authorisation token, which was used to obtain further access and escalate privileges to our system RESTful API Server," the company stated. "This API Server is used to query the details about our clients and their accounts."

In addition to hashed passwords, affected information included usernames, emails, first names and IP addresses. Financial data was not affected because Hostinger outsources financial transactions to third-party payment providers. Hostinger Client accounts and data stored on those accounts were also apparently spared.

Even though the passwords were hashed, Hostinger still reset all of its clients’ login passwords. The company also said that it has been engaged with law enforcement, hardened server and network settings and "restricted the vulnerable system" such that "access is no longer available."

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews