Skip to main content
  1. Home
  2. Computing
  3. News

“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

Justin Pot
By

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
guteksk7/Shutterstock
000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

Recommended Videos

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Quest Pro 2: What we know about Meta’s next premium VR headset
From a side view, you can see how glasses can be worn along with a Quest Pro.

While Meta’s Quest Pro is one of the best VR headsets available, it never reached its full potential as a laptop replacement for spatial computing. Meta hasn’t given up on making a work-centric solution, and rumors suggest a Meta Quest Pro 2 is still in development. Here’s what we know so far about Meta's answer to Apple's Vision Pro.
Meta Quest Pro 2 release date speculation
It’s difficult to make a solid prediction on when Meta will launch the Quest Pro 2. Meta CTO Andrew “Boz” Bosworth made it clear in an Instagram AMA that Meta is continually prototyping new VR headsets to find out what’s possible with current technology. That gives Meta more flexibility than manufacturers that research for years before doing hardware testing.

If Meta is satisfied with the performance of the Snapdragon XR2+ Gen 2 and LG can deliver enough micro-OLED displays, the Quest Pro 2 could arrive as early as this October at Meta Connect 2024.

Read more
Does RAM speed matter for PC performance?
Installing RAM sticks in a motherboard.

RAM is one of the primary components in a PC, and it's important that you have at least a certain amount of RAM depending on what you want to do with your PC. However, there are more things to RAM than just capacity: Frequency and latency are important considerations, too.

The question of whether RAM speed matters is especially important now that we have two generations of RAM available, both DDR4 and DDR5 -- and they have vastly different speeds. The official maximum clock speed for DDR4 was 3200MHz, while DDR5 starts at 4800MHz, an increase of 50%; however, you'll easily find RAM kits reaching above 7000MHz. Although latency significantly went up, from CL14 on most 3200MHz DDR4 kits to CL40 on most 4800MHz DDR5 kits, DDR5 is still found to be faster.

Read more
The 6 best 2-in-1 laptops for drawing in 2024
Portal RTX running on the Surface Laptop Studio 2.

Whether you're a seasoned professional or enjoy drawing as a hobby, investing in a 2-in-1 laptop is a great idea for all sorts of artists. Drawing on a laptop makes it easy to quickly share your creation with others, which is especially useful if you're doing it as a professional–negating the need to upload your pen-and-paper sketch to the computer before sending it to a client. Moreover, working on a laptop lets you undo mistakes, zoom in to better handle small details, and quickly change utensils.

There are a lot of perks to drawing on a 2-in-1 laptop, but not all of them are great for creators. Some have unresponsive displays that can't register all your movements, while others might have a lackluster resolution or color spectrum that turns most images into a muddled mess. Because of that, it can be hard figuring out which laptop is best for your needs. And if you'll be spending a good chunk of change on the laptop, you'll want to make sure you get it right.

Read more