Skip to main content
  1. Home
  2. Computing
  3. News

“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

Justin Pot
By

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
guteksk7/Shutterstock
000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

Recommended Videos

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
5 headsets you should buy instead of the Vision Pro
Apple Vision Pro

The Vision Pro is a great piece of technology that's built specifically to fit into Apple’s ecosystem, but there are plenty of other great VR headsets to choose from. Many cost less while offering similar experiences. A few even challenge Apple head-on, matching and exceeding the Vision Pro's advanced technology.

Here are five headsets you should buy instead of the Vision Pro and why you might like them better than Apple's spatial computer.
Meta Quest 3

Read more
10 best desktop computers of 2024: tested and reviewed
The iMac screen on a desk.

There are hundreds of desktop PCs you can buy from brands like HP, Dell, Apple, and Lenovo, but only a select few make it on our list of the best desktops. We've reviewed dozens of desktop PCs across both Windows and macOS, and these 10 stand out from the pack.

The Dell XPS Desktop 8960 remains the best desktop PC you can buy in 2024. However, we have several other options depending on your budget and needs, including desktops for gaming, remote work, and more. We'll provide a quick overview here, but make sure to read our write-up on how we review desktops for a deeper look at our evaluation process.

Read more
This Serta office chair is on sale from $360 to $230
The Serta Smart Layers Brinkley Manager Chair on a white background.

Are you on the hunt for office chair deals? Here's one that should help boost your productivity -- the Serta Smart Layers Brinkley Manager Chair for only $230, following a $130 discount from Lenovo on its original price of $360. We're not sure how much time is remaining before you lose the chance to get this office chair at 36% off though, so if you're interested in this offer, we highly recommend that you push through with the transaction as soon as possible. Any delay may cause you to miss out on this bargain.

Why you should buy the Serta Smart Layers Brinkley Manager Chair
For an office chair that provides both comfort and performance, you can't go wrong with the Serta Smart Layers Brinkley Manager Chair. It features five layers of foam with ComfortCoils that are individually wrapped, for the ability to provide relief on the critical pressure points of the body while maintaining pleasant temperatures even during extended use. The office chair's ergonomic design, lumbar support, and waterfall seat cushion makes it even more comfortable so you won't get body pains when your daily workload forces you to sit for several hours each day.

Read more