Hostinger.com has reset all client passwords as a precautionary measure following a recent security incident.
An unauthorized 3rd party had gained access to its internal system API, one of which had access to hashed passwords & other non-financial data of customers.
The incident happened on Aug 23, 2019. One of the servers had been “accessed by an unauthorized party.” This server contained an authorization token, which was used to obtain further access and escalate privileges to the RESTful API Server, used to query the details about clients & their accounts, said Hosting.com
The database table that holds client data, had information about 14 million Hostinger users. After a thorough internal investigation, the company said Hostinger client accounts & data stored on those accounts remained untouched & unaffected.
