The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month-old hack whose consequences are only now becoming clear.
In a Facebook post published Wednesday morning, 000Webhost officials confirmed the breach and said it was the result of hackers who exploited an old version of the PHP programming language to gain access to 000Webhost systems. The advisory makes no reference to the plaintext passwords, although it does advise users to change their credentials. Hunt has also encountered evidence the breach may extend to other Web hosting providers, presumably because of partnerships they had with 000Webhost.
Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administrator logs. It's also possible that the site didn't follow standard industry practices and cryptographically hash the passwords when storing them. In any event, the data may have been accessed by executing a SQL injection exploit or other common website attack or by an insider with privileged access to the 000Webhost system.
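A password carried in a URL ends up in every access log that records the request line. The following is an added example, not code from 000Webhost or from the article: a Python audit that finds and redacts such parameters in combined-format access logs. The parameter names, the `/login.php` path and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of credential-bearing parameter names; extend per application.
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Request field of the common/combined log format: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (target with credential values masked, names of leaked params)."""
    parts = urlsplit(target)
    leaked, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            leaked.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not leaked:
        return target, leaked  # leave untouched lines byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def scrub_line(line):
    """Mask credentials in one log line; return (clean_line, leaked_names)."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    new_target, leaked = redact_target(match.group("target"))
    start, end = match.span("target")
    return line[:start] + new_target + line[end:], leaked

def audit(lines):
    """Return (scrubbed_lines, [(line_number, leaked_names), ...])."""
    scrubbed, findings = [], []
    for number, line in enumerate(lines, 1):
        clean, leaked = scrub_line(line)
        scrubbed.append(clean)
        if leaked:
            findings.append((number, leaked))
    return scrubbed, findings

# Constructed sample log lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:12:01 +0000] "GET /login.php?user=alice&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:12:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:12:09 +0000] "POST /login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, names in audit(SAMPLE_LOG)[1]:
        print(f"line {number}: credential parameter(s) in URL: {', '.join(names)}")
```

Any finding means the affected passwords should be treated as exposed and reset, and the form should submit credentials in a POST body over HTTPS instead of in the query string.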
000Webhost users should be on the alert for fraud. And if they used the same password anywhere else, reset it there, too.