Security researcher Paulos Yibelo tested five of the world's biggest web hosting services for flaws and unveiled that all five were vulnerable. Not just 'vulnerable', but in fact so flawed that data mining and account takeover wouldn't even require breaking a sweat.
Roughly a dozen flaws were uncovered, some so simple as just a click on a link.
The hosting services that were analysed were Bluehost, DreamHost, Hostgator, OVH and iPage. That amounts to roughly seven million domains. Apparently, they patched up the flaw before the information went public. OVH is yet to confirm, as the service is still quiet on the matter.
“All five had at least one serious vulnerability allowing a user account hijack,” he told TechCrunch (opens in new tab).
According to Yibelo, the flaws are the result of aging infrastructure, complicated back-end systems and companies with massive user databases.
We're yet to learn if anyone took advantage of the flaws or not. DreamHost claims nobody exploited the bug, while the spokesperson for Bluehost, Hostgator and iPage did not answer the question.
The full breakdown of all five hosting services and their vulnerabilities can be found on this link (opens in new tab).
Image Credit: Welcomia / Shutterstock
- Here's our list of the best web hosting services (opens in new tab) around today