The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month-old hack whose consequences are only now becoming clear.
In a Facebook post published Wednesday morning, 000Webhost officials confirmed the breach and said it was the result of hackers who exploited an old version of the PHP programming language to gain access to 000Webhost systems. The advisory makes no reference to the plaintext passwords, although it does advise users to change their credentials. Hunt has also encountered evidence the breach may extend to other Web hosting providers, presumably because of partnerships they had with 000Webhost.
Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administrator logs. It's also possible that the site didn't follow standard industry practices and cryptographically hash the passwords when storing them. In any event, the data may have been accessed by executing a SQL injection exploit or other common website attack or by an insider with privileged access to the 000Webhost system.
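To show why a password in the URL ends up in logs, here is an added example (not from the original article or from 000Webhost) that scans access-log lines for credential parameters in the request target and redacts them. The log format, the parameter names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as credentials (an assumption; extend for your app).
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, names_of_redacted_params)."""
    parts = urlsplit(target)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def scrub_line(line):
    """Redact credential values in one log line; return (line, hits)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    new_target, hits = redact_target(m.group("target"))
    return line[:m.start("target")] + new_target + line[m.end("target"):], hits

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2020:10:01:02 +0000] "GET /login.php?email=a%40example.com&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2020:10:01:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2020:10:01:09 +0000] "POST /login.php HTTP/1.1" 302 0',
]

def scan(lines):
    """Return (scrubbed_lines, count_of_lines_that_leaked_a_credential)."""
    out, leaked = [], 0
    for line in lines:
        scrubbed, hits = scrub_line(line)
        leaked += bool(hits)
        out.append(scrubbed)
    return out, leaked

if __name__ == "__main__":
    scrubbed, leaked = scan(SAMPLE)
    print(f"{leaked} line(s) carried a credential in the URL")
    print("\n".join(scrubbed))
```

Only the first sample line is flagged: a login submitted in a POST body over HTTPS never puts the password in the request target, so nothing reaches the access log.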
000Webhost users should be on the alert for fraud. And if they used the same password anywhere else, reset it there, too.