The most insecure web hosting company; 14 million Hostinger accounts were hacked

After detecting unauthorized access to the database that stores its customers’ information, and as a measure to prevent future cyberattacks, the web hosting company Hostinger forced a massive password reset for a significant portion of its 14 million users, digital forensics experts report.

In a statement, the Lithuania-based company said: “An unauthorized third party gained access to the API of our internal systems, which ultimately granted it access to our users’ encrypted passwords, among other data related to service payment”. The company was founded in 2004 and has nearly 30 million users in more than 170 countries.

This security incident was detected a couple of weeks ago, although the company was not notified until August 23 by a group of digital forensics experts. Threat actors reportedly used an authorization token on the server to access the company’s systems without using access credentials; the hackers subsequently performed a privilege escalation attack to gain greater access to Hostinger systems.

This attack gave the threat actors full control of an API server, allegedly used to query some details about customer accounts, such as names, email addresses, phone numbers, encrypted passwords, and Hostinger IP addresses. The company asserts that financial data and information about its customers’ web domains were not affected during this incident.

The company’s spokespersons claim that their systems do not store details of their customers’ payment cards, as the responsibility for managing these details was given to third-party vendors which have “the best security and service certifications”; however, Hostinger refrained from disclosing the names of these providers. In a subsequent digital forensics report, the company mentioned that this access has been shut off, the API has been secured and related systems are being constantly monitored by its IT team.

As for the compromised access, specialists mention that a server might generate a digitally signed authorization token to prove its authenticity when accessing a server with admin privileges. Meanwhile, the company states that its internal investigation is still in progress: “We are implementing new security protocols and establishing stricter controls for access to our networks and servers”. In addition, Balys Kriksciunas, CEO of Hostinger, mentions that the exact number of customers affected “due to the characteristics of this security breach” is still unknown. The company has already notified most affected customers via email, and has also published constant updates about the incident through its website and social media profiles.

International Institute of Cyber Security (IICS) digital forensics specialists mention that there is a risk that the compromised information could be used in spear phishing campaigns, so they recommend that potentially affected users stay alert for malicious emails and establish tighter controls over their Hostinger websites, such as multi-factor authentication or any other available security option.
