- Attackers used authorization token obtained from Hostinger’s internal server to gain further access and escalate privileges to Hostinger’s system RESTful API Server.
- The compromised server contained clients’ first names, usernames, email addresses, hashed passwords, and IP addresses.
What is the issue?
Web hosting provider Hostinger suffered a data breach after an unauthorized third party gained access to its internal API server.
Hostinger became aware of the incident on August 23, 2019, after it received alerts that one of its internal servers that contained an authorization token has been accessed by a third-party.
Attackers used this authorization token to gain further access and escalate privileges to Hostinger’s system RESTful API Server.
What was compromised?
The compromised server contained the client information of nearly 14 million Hostinger users.
- The exposed client information includes clients’ first names, usernames, email addresses, hashed passwords, and IP addresses.
- However, no payment card or financial information was compromised, as Hostinger does not store payment card data on servers.
- Hostinger client accounts were also not impacted by the incident.
“We completed a thorough internal investigation. Hostinger Client accounts and data stored on those accounts (websites, domains, hosted emails, etc.) remained untouched and unaffected,” Hostinger said in a blog.
What actions were taken?
- Upon learning the incident, the hosting provider hired a team of internal and external forensics experts and data scientists to investigate the incident and determine the origin of the attack.
- Upon determining the origin of unauthorized access, Hostinger took the necessary measures to protect its client data. It has disabled access to the server by securing the API and all related systems.
- It has reset passwords for all its clients and systems within its infrastructure. It has also taken steps to improve the security measures of all Hostinger operations.
“We are continuing our internal review, implementing new security procedures and hardening server and network settings. We are working with internal and external forensics teams to analyze network and server logs. The API is operational and working as expected,” Hostinger said in an update