000Webhost Hacked – 13 Million Credentials Appear Online

When it comes to the free web hosting 000Webhost.com is a choice for most individuals, but after 000Webhost hack some will definitely consider reviewing their choices.

Earlier this week the Lithuanian company suffered a major breach which ended with more than 13 Million usernames and passwords being leaked. Forbes was contacted by an owner of haveibeenpwned.com Tro Hunt, who is also an MVP at Microsoft . Have I Been Pwned is a very useful website, it allows users to check whether their information has been leaked during major breaches, it currently holds information about more than 239,994,846 accounts.

Let’s get back to the story!

Hunt told Forbes that an anonymous source provided him with a database belonging to 000Webhost full of usernames and passwords from more than 13.5 Million users. The database seemed genuine and it has never been leaked before.

In order to check the validity of the breach Hunt tried to sign in with credentials located in the database and guess what? He was successful. On the way to his research Troy discovered his email too, as it appeared someone tried to sign up with his account and since 000Webhost did not use any email validation ‘someone’ was successful.

Forbes tried to contact the Free Web Hosting company but with no success, the company didn’t answer any call and/or email. Later on the 000Webhost published a post on their official Facebook page:

000webhost hack
000Webhost Hacked
Unfortunately, we don’t know when the breach appeared and how long did the hackers have access to the hosting services, but what we know is that Troy Hunt was contacted by another anonymous source who was aware about the 000Webhost hack back in March, during which admin credentials were used. The source even claimed that database for up for sale for $2000 on underground forums.

000Webhost Vulnerabilities

In this part, we will present you to the vulnerabilities that might have aided attackers in stealing credentials.

  • The Free Web Hosting company’s forum is using an old version, 3.8.2, of popular vBulletin forum platform which was released back in 2009. The current supported version is 5.1.9.
  • User credentials were stored in a plain text format
  • The login page does not use any encryption
  • Upon signing up user credentials are visible in the URL of a website

This breach identifies once again that companies need to take care of security at the first place because eventually someone will discover your weakness and there might be no one who would fix your reputation when your stock drops.

However as users we should always use Secure Servers and follow at least basic security guidelines



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.