Hostinger, one of the leading web hosting service providers and Internet domain registrars, has been hacked
Hostinger announced a major data breach that affected nearly 14 million customers, and it reset all client passwords as a precautionary measure. Cybercriminals bypassed the internal networks and gained unauthorized access to an internal system API, which allowed the attackers to access hashed passwords and some other sensitive data. Hostinger said that no financial data is involved in this security breach and that access to the vulnerable systems has been terminated. But there are fears among the over 29 million customers in 178 countries. According to the cyber security expert community, the cyber attack was detected on August 23rd through an alert indicating unauthorized third-party access to one of the company’s servers, which contained an authorization token. This allowed the attackers to gain access and escalate privileges to the system’s RESTful API server.
Cybercriminals gained access to internal systems data on 14 million customers. The company reacted by resetting all client passwords and assembling a cyber security team (forensics and data scientists) to investigate the data breach
According to a Hostinger note, the API database, which includes client usernames, emails, hashed passwords, first names and IP addresses, has been accessed by an unauthorized third party. The database table that holds client data has information about 14 million Hostinger users. Following the incident, the company identified the origin of the unauthorized access and has taken the necessary measures to protect its clients’ data, including a mandatory password reset for users and systems within all of its infrastructure. Furthermore, Hostinger assembled a team of cyber security experts (internal and external forensics and data scientists) to investigate the origin of the incident and increase the security measures of all operations. As required by law, the provider is already in contact with the authorities.