Hostinger web host data breach impacts nearly 14 million users

Written 9 months ago by IanDorfman

Web hosting service Hostinger has announced that it has reset every user's password following the discovery of a data breach that impacts 14 million users of the service.

As detailed in a post on Hostinger's official blog, an unauthorized third party accessed an API service that included the following information on 14 million registered users:

Usernames
Emails
Hashed passwords
First names
IP addresses

Hostinger repeatedly refers to the service-wide password reset for every user as a "precautionary measure," with emails containing further information about the password reset sent out to all Small Hostinger iconHostinger users as well. The web host also emphasizes that no other data, such as websites, emails, and other account data, was impacted in any way by this breach.

In addition to a customary "thorough internal investigation," Hostinger has brought together data scientists and forensics experts sourced both internally and externally in order to get to the bottom of who's responsible for the breach, with the investigation still in its "early stages."

In order to best protect your accounts on the Internet, Hostinger concludes its blog post by recommending that you choose strong and unique passwords for all sites and services you have accounts on, as well as ensure that you don't open unsolicited communication without knowing exactly who it's from.

If you don't have a password manager such as Small LastPass iconLastPass or Small 1Password icon1Password at this point, it comes highly recommended.

Further coverage:
Hostinger Blog
TechCrunch
BleepingComputer