The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month-old hack whose consequences are only now becoming clear.
In a Facebook post published Wednesday morning, 000Webhost officials confirmed the breach and said it was the result of hackers who exploited an old version of the PHP programming language to gain access to 000Webhost systems. The advisory makes no reference to the plaintext passwords, although it does advise users to change their credentials. Hunt has also encountered evidence the breach may extend to other Web hosting providers, presumably because of partnerships they had with 000Webhost.
Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administrator logs. It's also possible that the site didn't follow standard industry practices and cryptographically hash the passwords when storing them. In any event, the data may have been accessed by executing a SQL injection exploit or other common website attack or by an insider with privileged access to the 000Webhost system.
000Webhost users should be on the alert for fraud. And if they used the same password anywhere else, reset it there, too.
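The two weaknesses described above, passwords carried in URLs (and therefore in access logs) and passwords stored without hashing, can be illustrated from the defender's side. The following is an added example, not code from 000Webhost or from the original article; the parameter names, log lines and scrypt cost settings are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as credentials (an assumption; extend per application).
SENSITIVE = {"password", "passwd", "pass", "pwd"}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_log_line(line):
    """Return (redacted_line, leaked_param_names) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not leaked:
        return line, []
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    target = urlunsplit(parts._replace(query=urlencode(clean)))
    return line[:m.start("target")] + target + line[m.end("target"):], leaked

def hash_password(password, salt=None):
    """Salted scrypt hash: what a server stores instead of the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

# Constructed sample lines (not real 000Webhost logs).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /login?email=a%40example.com&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /index.php?page=2 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        redacted, leaked = redact_log_line(line)
        print(leaked, redacted)
```

Redaction only cleans up logs after the fact; the underlying fix is to send credentials in a POST body over HTTPS so they never reach the URL.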