“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

By Justin Pot Published August 24, 2017

000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

Recommended Videos

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Topics

Former Digital Trends Contributor

Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…

Computing

Intel Arc GPU users lose Deep Link features as support ends without notice

The back of the Intel Arc B580 graphics card.

Intel has quietly discontinued its Deep Link technology, the suite of features designed to enhance collaboration between its CPUs and GPUs. Notably, the confirmation did not come through an official announcement, but via a developer comment on a public GitHub thread, where an Intel representative acknowledged that Deep Link is “no longer actively maintained.”

Launched in 2020 alongside Intel’s push into discrete graphics, Deep Link aimed to improve performance and efficiency in systems combining Intel 11th, 12th, or 13th generation processors with Intel Arc GPUs. It bundled several features like Dynamic Power Share which redirected power between the CPU and GPU based on load, Hyper Encode that enabled multi-engine video encoding, and Stream Assist for offloading media tasks to the GPU during live streaming.

Computing

AMD CPUs should support CUDIMM memory soon, but not this generation

Official product render of the G.Skill Trident Z5 Neo memory for AMD.

AMD processors can't make full use of CUDIMM memory just yet, but it may well do before the end of this socket. In a recent interview with DigitalTrends, AMD's product management lead for gaming and workstations, Sourabh Dhir, told us that there was no reason that AM5 couldn't support CUDIMM, but wouldn't be draw on a timeline of when we might see it.

Considering we expect AM5 to be AMD's flagship CPU socket for the next couple of generations at least, that probably means we don't have long to wait for the added memory speed support.

Computing

Asus’ new RTX 5090 might be the most ridiculous GPU ever, and it costs $10,000

RTX 5090 Dhahab Edition.

It's no news that Nvidia makes some of the best graphics cards, and Asus is one of its most prominent partners. However, this time the company truly took things to the next level by launching an RTX 5090 that just might be the most ridiculous GPU I've ever seen. Prices range from $7,000 to over $10,500, and there's a good reason for that ... kind of.

The unique Asus ROG Astral RTX 5090 "Dhahab Edition" draws inspiration from the Middle East. In the announcement, Asus says that the card blends modern technology and cultural heritage, reflecting the rapid growth of the Middle East."