The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month old hack whose consequences are only now becoming clear.
In a Facebook post published Wednesday morning, 000Webhost officials confirmed the breach and said it was the result of hackers who exploited an old version of the PHP programming language to gain access to 000Webhost systems. The advisory makes no reference to the plaintext passwords, although it does advise users to change their credentials. Hunt has also encountered evidence the breach may extend to other Web hosting providers, presumably because of partnerships they had with 000Webhost.
Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user's plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administer logs. It's also possible that the site didn't follow standard industry practices and cryptographically hash the passwords when storing them. In any event, the data may have been accessed by executing a SQL injection exploit or other common website attack or by an insider with privileged access to the 000Webhost system.
000Webhost users should be on the alert for fraud. And if they used the same password anywhere else, reset it there, too.
Well, it’s finally official. After more than a year in regulatory limbo, The United States Justice Department has approved a $26 billion dollar deal between mobile carriers T-Mobile and Sprint.
Donald Trump says his administration will not provide any waivers or relief for Apple Mac Pro components built in China, and said Apple should instead build its products in the U.S.
We can expect three new “iPhone 11” models this fall from Apple, according to the official unofficial rumor mill. Each of these is said to be designed with an A13 chip, a Lightning port, and a new ‘Taptic Engine’ that will replace iPhone’s current 3D Touch.
The field of data analytics is growing as fast as the internet itself. Self-driving cars, airline pricing, and huge marketing campaigns are all driven by the insights that data scientists can distill out of vast sums of information. Even with the help of powerful software like Python, it’s a highly skilled position. But those skills […]
If you’re marketing on the web, your Google-fu needs to be strong – and up to date. Without a firm grasp on what drives traffic, you’ll never be able to take the wheel. That’s why even if you know where to put your keywords, a little extra effort goes a long way on any marketer’s […]
Want to keep the dentist away? A little tooth care at morning and night isn’t bad, but it won’t keep the stains from smoking or fried foods at bay for long. If you enjoy your food and want to avoid the consequences, an upgrade from that old analog toothbrush can make a huge difference. Among […]