The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month-old hack whose consequences are only now becoming clear.
In a Facebook post published Wednesday morning, 000Webhost officials confirmed the breach and said it was the result of hackers who exploited an old version of the PHP programming language to gain access to 000Webhost systems. The advisory makes no reference to the plaintext passwords, although it does advise users to change their credentials. Hunt has also encountered evidence the breach may extend to other Web hosting providers, presumably because of partnerships they had with 000Webhost.
Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administrator logs. It's also possible that the site didn't follow the standard industry practice of cryptographically hashing passwords before storing them. In any event, the data may have been accessed by executing a SQL injection exploit or other common website attack, or by an insider with privileged access to the 000Webhost system.
000Webhost users should be on the alert for fraud. And if they used the same password anywhere else, they should reset it there, too.