All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
13 Million Passwords Leaked - 000WebHost
"Earlier this week, I was contacted by Troy Hunt, Microsoft MVP and owner of haveibeenpwned.com, a website that sucks in email addresses from significant breaches so users can quickly check whether their data was compromised. Hunt informed me he’d been contacted by an anonymous source who’d passed along a database allegedly belonging to 000Webhost, containing usernames and passwords ostensibly belonging to just more than 13.5 million users. They didn’t appear to have been leaked online before and the database looked legitimate, piquing Hunt’s interest."
Also got an email from haveibeenpwned.com:
"In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed over 13 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords"
Read more:
http://www.forbes.com/sites/thomasbrewster/2015/10/28/000webhost-database-leak/
Comments
13.5 million users? Damn.
Entered my mails i remember atm, and just had 4 breaches!
darn. this is where password managers gets handy.
There should be a criminal offence for that...
For some reason I feel weary of entering my info to a website called: haveibeenpwned.com LOL Or is it just me?
Have a read here, for all the gory details. It's flat-out disturbing, and an utter trainwreck.
Why? Your mama told you to never use different passwords per site and you are too lazy to use a password manager?
Wasn't the founder/owner of this site shot and killed a while ago?
I would like to think this isn't a big deal because:
A. Who would be hosting anything of value on this service?
B. Everyone surely used unique passwords to shield the useless junk they were hosting, right?
But I guess I know better by now.
Yes: http://www.lowendtalk.com/discussion/55653/aurimas-rapalis-the-owner-of-hostinger-was-murdered-on-30th-of-last-month/p1
That's really a surprise.
Is 000webhost linked to YouHosting/Hostinger too if I remember well?
000webhost suddenly locked my free account claiming I breached the terms, which I didn't (I embedded a proxy script from a different website). They would not acknowledge this and said they would only unlock my account if I paid for premium or whatever.
I bet the dead CEO sold the data in March, had his death faked by announcing Bobby Jones killed Bob Jones and sailed off with the cash when they were revealed. It all comes together!
That's their typical data ransom extortion scenario. You break their terms of service when you register on their site so this shouldn't come as a surprise.
https://www.google.co.uk/search?q=000webhost+data+ramsoming&ie=utf-8&oe=utf-8&gws_rd=cr&ei=uv4wVr_wGoreUZ6NvfgN
Damn, my email address was in the db. I had a 000webhost account 6 yrs back I think. Hope I don't get viagra ads now.
IIRC they're a free hosting site and the domain is one of dozens that all run under the same network. Really a relic from the 90's and early 2000's of "free shared hosting".
I bet they've not updated much of their codebase in years, hence the nasty breach.
You'd be surprised. I once saw some nasty php errors right on their website.
damn...my email was breached as well... but it was a 7 year old account .. i dont even know what password I used back then
damn...my email was breached as well... but it was a 7 year old account .. i dont even remember what password I used back then
damn...my email was breached as well... but it was a 35 year old account .. i dont even remember what password I used back then
Actually their site looks completely down from my side.
"An error occurred in the application and your page could not be served. Please try again in a few moments.
If you are the application owner, check your logs for details.
"
It really should.
The funniest part is that they're using Heroku.
Errrrr.. What? Didn't get what you trying to say, bud.
any way i can see my password used there? it was years ago, i dont remember
The negative news can also serve as advertisement . NO? so that free hosting company was that much popular ?
Not until the database leaks. But it shouldn't matter - you shouldn't be reusing passwords anywhere. If you are, then change them right now, no matter which passwords you think have leaked, and use a password manager like KeePass (Windows) or KeePassX (Linux, OS X).
No, it is not just you. Still, you have to trust them. If you look at the FAQ, it says: "Q: How do I know the site isn't just harvesting searched email addresses? A: You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it."
https://haveibeenpwned.com/FAQs
It would have been better if users could enter a hash of the email or username, then check, but...
On the other hand, if there is no match, the website would not know what you are querying for...
i am really begin to consider using a password manager even paid versions. i dont have the pratics, do you use different random passwords for every site and save them in app?
Aye. This was a rough thing for me and it took me longer than it should have to do it, but the peace of mind that followed was incredible. I've been in a few DB leaks and couldn't care less about it now.