Skip to main content

000webhost hacked, millions of customers at risk

000webhost, a free web hosting service, has suffered a data breach which put some 13 million of its users at risk. The company announced the breach on Wednesday through a Facebook post (opens in new tab).

The company said a hacker used an exploit in old PHP version to upload "some files”, allowing him to gain access to the company’s systems.

“Although the whole database has been compromised, we are mostly concerned about the leaked client information,” the post reads.

The information acquired through the breach was posted online, 000webhost says, adding that the company removed all illegally uploaded pages as soon as they became aware of the breach.

“Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress.”

According to Troy Hunt, Microsoft MVP for Developer Security, the record dump contained plain text passwords, meaning whoever stole them could have started using them straight away.

As a result, if these passwords are used on any other services, users should change them as soon as possible. 000webhost has also asked users to change their account passwords following a site-wide reset, but at the time of writing the website is down for repairs and there is nothing customers can do at present.

“We apologize for this hassle but it has to be done to ensure your data is safe. We are going to upgrade our systems step by step and will be aiming to be super-careful in future,” 000webhost concludes.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.