08-28-2019, 04:36 PM
As you can read on their official blog, Hostinger suffered unauthorized access to their database. That database contains personal data (not financial information such as CC), such as name, surname, email, hashed password, IP addresses, company name, phone and home address/business address.
It is good that the company alerted its customers and is forcing a password change, but how did an "unauthorized token" get on their back-end?
- Bug exploit?
- A developer that set up a back-door?
We don't know how non-financial data is stored: did Hostinger also hash generic information such as addresses and names? Or did they just apply hashing to passwords?
According to GDPR, a database should be encrypted, so if it is stolen it can't be read; but what can a company do if the "hacker" has full access to their system?
There is a lot of information about how a company manages our data that we don't know.
Let's talk about data protection!