Hostinger got hacked, Forced company to reset 14 million users’ password

Hostinger, one of the most popular web hosting company has forcibly reset the passwords of its 14 million users after facing one of the biggest data breach by a hacker. After detecting the breach the company immediately reset the passwords of its users to some random words and number.

Hostinger also sent out mails to its users regarding the data breach and informed them about the actions they have taken including the password change. Hostinger said that the attacker(s) managed to get access to an internal server where he found the API token which he later used to make API calls to access user data.

The hacker(s) made API calls to database which had customer details like username, first and last name, email address, home address and IP address.

Users’ passwords were also stored in hashed format.

Some users also shared the email received from Hostinger regarding the data breach on twitter. Some also contacted the company regarding their data integrity and sought their response. Hostinger assured their users about their data integrity.

The company didn’t give any exact number of how many users were affected. The company also told that the affected server has been taken down and the API also. The company told ZDnet, they presumed that all users were affected and they are taking worst-case scenario. Though no logs have been recorded which proves that the affected API was used to extract user data.

The company denied giving any further information as the investigation is in early stages. Hostinger also told that they are monitoring network logs and traffic to verify if any data was downloaded.

Do you also have website running on Hostinger? What do you feel about the attack? Also tell if you received any email from the company?