Web hosting provider Hostinger has suffered a massive breach. The attack has forced the company to reset the passwords of more than 14 million customers, approximately half of its total customer base.
The company has revealed that “an unauthorized third party” breached one of its servers. This allowed the attackers to gain access to hashed passwords as well as other non-financial data associated with millions of its customers.
The security breach is estimated to have occurred on 23rd August, when unknown hackers found an authorization token on one of the company's servers. The hackers then used it to gain access to an internal system API without needing a username and password.
Once the breach was discovered, the company restricted its vulnerable system, revoked this access, and contacted the relevant authorities.
The API database hosts the personal information of approximately 14 million customers. The hackers accessed usernames, hashed passwords, emails, first names, and IP addresses.
Why did Hostinger become the victim of such a huge cyber breach?
The company allegedly used the weak SHA-1 hashing algorithm for scrambling Hostinger client passwords. The company also does not have two-factor authentication for customers’ accounts.
What is Hostinger doing to cope with the situation?
- The company has reset every Hostinger Client login password using the SHA-2 algorithm. It has sent password recovery emails to each affected customer.
- The company has urged its customers to set a strong and unique password.
- Customers have been advised to remain cautious of suspicious emails that ask them to either click on links or download attachments.
How to Prevent Such a Cyber Breach?
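
The forced reset described in the first point above can be sketched as follows. This is an added example, not Hostinger's code: the article says only "SHA-2", so the salted PBKDF2-HMAC-SHA256 format, the iteration count, the function names and the sample table are all assumptions.

```python
import hashlib, hmac, re, secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
LEGACY_SHA1 = re.compile(r"[0-9a-f]{40}")  # bare, unsalted SHA-1 hex digest

def hash_password(password, salt=None):
    """Salted PBKDF2 over SHA-256 (a SHA-2 function), self-describing format."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Accept only the new format; legacy or reset-pending records never verify."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(dk.hex(), parts[3])

def force_reset(db):
    """Invalidate every legacy SHA-1 record; return {user: one-time token} to e-mail."""
    tokens = {}
    for user, stored in db.items():
        if LEGACY_SHA1.fullmatch(stored):
            token = secrets.token_urlsafe(32)
            # Store only a hash of the token, so a database read cannot reuse it.
            db[user] = "reset$" + hashlib.sha256(token.encode()).hexdigest()
            tokens[user] = token
    return tokens

def complete_reset(db, user, token, new_password):
    """Set a new password if the presented token matches the pending reset."""
    expected = "reset$" + hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(db.get(user, ""), expected):
        return False
    db[user] = hash_password(new_password)
    return True

# Constructed sample table: one legacy record, one already migrated.
SAMPLE_DB = {
    "alice": hashlib.sha1(b"correct horse").hexdigest(),
    "bob": hash_password("battery staple"),
}
```

After `force_reset`, the exposed SHA-1 digests no longer grant a login even if they are cracked, and each reset token works only once.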
Cyber security firms like Kratikal ensure that employees within the organization are prepared to understand various attacks involving. This is ensured with Kratikal’s flagship product known as ThreatCop.
With ThreatCop’s four-step attack simulator and awareness cycle, employees can not only identify but also learn about the various attack methodologies that lead to such breaches. This is done with the help of customized awareness learning modules that include newsletters, advisories, case studies, etc.
In order to increase retention of the accumulated knowledge, employees are presented with assessments. The last step of the cycle is a simulated attack that completes the employee awareness training cycle.