arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hostinger faced a data breach
#1
As you can read on their official blog, Hostinger suffered an unauthorized access to their database. That databases contains personal data, not finantials informations such as CC, such as name, surname email, hashed password, IP addresses, company name,  phone and home address/business address. 
It is good that the company alerted its customers and it is forcing the change of password, but how did a "unauthorized token" get on their back-end?
  • Bug exploit?
  • A developer that set up a back-door?
Well. we can say that doesn't exists a perfect and secure system, but is our data properly secured?
We don't know how not finantials data is stored, did Hostinger hashed also generic information such as addresses, names? Or they just applied hashing to password?
According to GDPR, a database should be encrypted, so if it is stolen it can't be read; but what can do a company if the "hacker" has full access to their system?
There is a lot of information about how a company manage our data that we don't know.
Let's talk about data protection!
Thanks to Post4VPS and Bladenodefor VPS 14
#2
none of the services provider can granite you 100 percent that your data is secuired first of all hackers each day reaching new levels also securities does but hackers always have a step forward then than the proctors, which is mean your data ain't safe in the internet, a quick solution do not use your informations and always turn on your VPN. thats how< you can protect your slef.
Watch this beauty till the end..

#3
Sorry for my late reply in this thread. Don't know how come I missed it. Well, this one didn't pop up when I clicked 'View New Posts'. Weird but nevermind.

Now talking of Hostinger, will one of my domains is from them. So after I read this post and was alerted via email, I logged into Hostinger. Yeah, they forced me to change my password. Then I was given the link to the thread on their official blog and a brief note of apology popped up in the notifications. Further, in the email I'd received, it was said how their data was compromised even that they have taken different measures to secure their systems. They assured their users that they're looking into the matter and no personal information had been leaked yet.

Anyways now coming to security. Probably this case was that of a big explore rather than a backdoor. Moreover, yeah databases should be encrypted so as to prevent unauthorised exploitation.

You see I'm also associated with a Cyber Security company for 11 months now. Actually not as an employee you know, FYI I'm only 16 years old. So it happened that I'd applied for a scholarship in that agency so that I could learn advanced ethical hacking - like SQL Injection, penetration etc. They'd taken an initial screening test. Finding new eligible they entitled me to their best courses for free. In turn, I'm obliged to test their new security software, updates, bug fixes etc.

Now a couple of months back they discovered a dangerous security glitch in a top notch IT company in India itself. That security hole made the databases of the company vulnerable to injection attack.

Now y'all might be wondering why amnt I taking the name of the agency or the company which security threat they deciphered. Will, I've signed a pact with them wherein I'm bound not to reveal the name of their agency under any circumstances.

Now this example highlights how vulnerable can even the days of big companies be. Obviously you can't compare Hostinger to Google or Microsoft. Data breaches are one of the top reasons why users privacy gets compromised. You'd know how last July, Capital One got hacked and personal information of millions in US and Canada got released. Although the jacket was arrested and no data was leaked, but the fact still remains that security holes were there which enabled the hacker to do his job.

You take WordPress for example. I know it takes a lot of effort to make things and you shouldn't criticise what you cannot do, but honestly WordPress is full of security holes. Most of the outdated and free themes and plugins are but backdoors to gain access into your site and the rest is not to be mentioned. WordPress is the biggest cause if accounts getting suspended at HelioHost, wherein users websites are hacked and used for malicious purposes. That's when we start receiving complaints from various security websites, and we can't help but suspend their websites, with 90% if the cases being that the user is innocent. They're neither aware of when their website got hacked, not when was it suspended.

Thus I'd like to say that as technology advances data breaches are also on the rise. If appropriate measures can be taken, they can be prevented to a certain extent, but unfortunately cannot be completely done away with.

Agreed with @Melvin, that you cannot expect 100% security from any provider, coz as I've said earlier too, advancement in technology means more security glitches remain ignored and pave the way for hackers to execute their malicious intentions. Safe browsing involves use of a VPN or a proxy, but a VPN is always more recommended.
Sayan Bhattacharyya,

Heartiest thanks to Post4VPS and Virmach for my wonderful VPS 9!
#4
(08-31-2019, 09:45 AM)sohamb03 Wrote: Now a couple of months back they discovered a dangerous security glitch in a top notch IT company in India itself. That security hole made the databases of the company vulnerable to injection attack.
Not only in India do you find this but in Canada there have been two large corporations who have been breached. I.e. there was a hole in the security of the database. The last case the hole was discovered by a hacker from the US who was doing it for the fun of it. She then announced it as an accomplishment - bragged about it - in the social media. And that was how they discovered that their database had been breached. Fortunately the content was not moved yet.

I'm just thinking that possibly if she had worked ethically she could have started her own company to check for vulnerabilities in large corporation databases and earned money for it, instead of being jailed, as she had been after this event.

Here's a link to the hacking:
https://business.financialpost.com/news/...-canadians
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#5
(08-28-2019, 06:51 PM)Melvin Wrote: none of the services provider can granite you 100 percent that your data is secuired first of all hackers each day reaching new levels also securities does but hackers always have a step forward then than the proctors, which is mean your data ain't safe in the internet, a quick solution do not use your informations and always turn on your VPN. thats how< you can protect your slef.

Yes they do not guarantee you a 100% that your data will be safe. But for that using a VPN to use fake information to exploit their services can be misused. Also on websites which requires credit car info etc. you cannot do this. Therefore using VPN to create a fake account is not a solution.
#6
Believe me or not, nothing is secure and will never be. There will always be a vulnerability in any form. Just like Energy can never be destroyed, neither can a vulnerability in cyber world can "completely" be nonexistent(sorry for lame example lol). And I believe that even Google.com has vulnerability hidden deep down which probably no one is aware of. And it is waiting to be exploited.
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
#7
(09-06-2019, 05:09 PM)Manal Wrote: Believe me or not, nothing is secure and will never be. There will always be a vulnerability in any form. Just like Energy can never be destroyed, neither can a vulnerability in cyber world can "completely" be nonexistent(sorry for lame example lol). And I believe that even Google.com has vulnerability hidden deep down which probably no one is aware of. And it is waiting to be exploited.

actually yea. it makes sense man! We all know that what keeps google ahead is their herds of bright minds always being proactive abd scouring fir security holes. And they regularly find and plug those. Where did they cone from if they were not there in the first place. it is almost inevitable. Also there is the human factor. It is not automated robots yet, but us handling the systems directky and soo.

So may be just be proactive, cautious .. keep updating your knowledge. not much else you can do.
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
#8
This comes as quite a shock because they are so big. But, similar has already happened to other web hosters such as 000webhost. Websites like Android Forums and Badoo, even Bitly. I think people still believe to this day that where it says they are safe with that "green lock" on the toolbar, they assume that they are OK and nothing can really happen with that data. Well, they are obviously wrong and need to be better educated on this stuff, and that's most internet users in my opinion.

Forums, general websites, security companies, and much much more have been targeted more than ever, and it is sick that these hackers have nothing better to do. Cyber security is getting so serious and scary for governments. I am entered in Have I been Pwned emails so I am aware of my data being breached, that way I can take immediate action against whatever/whomever is getting their hands on my data.
You can visit this website here to keep track of data breaches and more: https://haveibeenpwned.com/PwnedWebsites

The list continues to grow at Have I been Pwned because people are always trying to brute force something, hack into something, and it is really rather sad. I recommend that if you are not signed up for that site you should definitely check it out to better protect yourselves! I am sure that there are other providers that keep track of this, but once you enter your email it will pull up a list of sites that were breached. That is the only site that I know of that keeps track of this stuff, and I am glad that someone actually is showing these companies off.
Thank you Post4VPS and BladeNode for VPS 6
#9
These things are pretty common these days. This often happens to web hosting and other service providers too. Some don't even notice it and some don't say anything not to lose customers. This even happened to Godaddy years back when I was using them. There was a server-wide massive SQL injection attack which infected not just SQL servers plus HTML injection. We had to download everything and clean files by our selves. At least it was only a server attack, not client data and card details.

I don't agree with @sohamb03 about most of the free themes and plugins have Trojans etc. At least those themes and plugins in WP repository are pretty good and thoroughly checked. Security problems happen when people don't update themes are plugins regularly or using outdated plugins/themes etc. Some get just brute-forced because of using silly passwords. Plus you need to be careful when you use those themes or plugins which are not in Wordpress repository. I have used Wordpress in 100's of sites in the last 10 years and only time I had a problem is that Godaddy mess. Even that has nothing to do with my security stuff.


~ Be yourself everybody else is taken ~




#10
@Rzarcasm: Just FYI, 000webhost is based on Hostinger Cloud. When you go to Hostinger and click on free hosting, you are taken to 000webhost itself.

I agree with you, that having the "Green Padlock" on the browser no longer guarantees the authenticity and privacy protection of a website, with the open-source CA Let's Encrypt into the play. Anyone and everyone can avail the benefits of an SSL certificate for free nowadays, which is a big reason why data breaches, phishing, spoofing and such others forms of attacks have increased.

The list you provided is indeed good.... And a lot informative for newbies, who actually should be aware of the history of the company with whom they're sharing their privacy.

Your observation and comments about hackers is true, courses are on the increase and nowadays most of them can afford an ethical hacking course. A good percentage of these guys have malicious intentions, which ultimately raises the need if Cyber Security.

Anyways I'm with you as far as exposing the vulnerabilities are concerned for obvious reasons as I've stated above. Thanks for posting the link for the benefit of all!

@xdude: Most in the sense, most of the outdated ones. I mean people who are used to a particular theme or a plug-in (mainly plugins) mainly don't bother to shift to other's even that the plugins they use are outdated and no more maintened with things like security patches etc. But hackers target this vulnerability. They keep on finding vulnerabilities and ultimately when they get one, they exploit the innocent user and get him banned for nothing. This is the case at HelioHost also. A good percentage of the banned accounts are so owing to WordPress security problems with getting hacked and illicit content being displayed on their website without even their knowledge about it.

Anyways I've updated that in my previous post to prevent misunderstanding. Personally I like people contradicting me and you did, so I got a broader prospect to explain my point. Thanks BTW!
Sayan Bhattacharyya,

Heartiest thanks to Post4VPS and Virmach for my wonderful VPS 9!
Pages (2):


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
5,534
04-30-2021, 07:03 PM
Last Post: hamed

person_pin_circle Users browsing this thread: 4 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting