Internet domain registrar Hostinger International says it has reset customer passwords following a data breach in which an outsider accessed a database containing information about 14 million users.
Founded in 2004, Hostinger is a web hosting service that markets itself as a digital backbone for small and medium websites. The site on Sunday disclosed a security incident, saying in a blog post that “an unauthorized third party has gained access to our internal system API, one of which had access to hashed passwords and other non-financial data about our customers.” The breached API database includes client usernames, emails, hashed passwords, first names and IP addresses about 14 million Hostinger users.
The exact number of affected users of the 14 million in that database was not immediately clear.
The hosting provider said it uses a cryptographic hash function to encrypt all client password by using a one-way mathematical process to convert credentials to a random set of characters. Now, Hostinger says it reset customer passwords as a “precautionary measure.”
The company says it learned about the incident on Aug. 23. Payment information remains unaffected, according to an initial investigation, because Hostinger processes financial data through a third-party provider that outsiders did not breach.
Hostinger also advised that information gleaned from this breach could be used to conduct phishing attacks, and to be wary of unsolicited communications.
The company says it will provide updates on a status page as its investigation into the matter moves forward.