Skip to main content

“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
guteksk7/Shutterstock
000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Editors' Recommendations

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Can you use the Surface Pen with the Surface Laptop Studio 2?
New Surface Laptop Studio 2 with a Surface Pen.

The Surface Pen is an excellent accessory for the Surface Laptop Studio 2, and yes, it works well with it. You can use the Surface Pen on the Surface Laptop Studio 2 for all kinds of tasks, from note-taking to doodlin, and sketching. The screen of the next-gen Surface Laptop Studio might be the same as the last one, but it still really lends itself to that sort of nuanced interaction, letting you get pixel-perfect drawing and writing from the Surface Pen.

Th Pen is still magnetic too, so it's always on hand when you need it.

Read more
Microsoft Bing and Edge are getting a big DALL-E 3 upgrade
Microsoft Copilot comes to Bing and Edge.

Microsoft Copilot is coming to Bing and Edge Microsoft

You'll soon be hearing more about Microsoft Copilot and Bing Image Creator as these innovative technologies come to Microsoft Edge and Bing. The news of their arrival was delivered at Microsoft's Surface Event, along with several more AI and hardware announcements.

Read more
I tested Nvidia’s DLSS 3.5, and it transforms ray tracing (for a select few)
Reflections on the street in Cyberpunk 2077.

Nvidia's Deep Learning Super Sampling (DLSS) is getting a huge boost. The new DLSS 3.5 update adds a feature called Ray Reconstruction to the suite, and it promises to make ray tracing more realistic than ever before. I've tested it, and Nvidia was telling the truth.

Ray Reconstruction brings ray tracing to new heights of realism, and it's a fantastic addition to the DLSS suite. Even better, it works across all RTX graphics cards, unlike Nvidia's DLSS Frame Generation. However, there could be a problem with support as we see more games release with the feature. Ray Reconstruction may work with any RTX GPU, but it could be a feature that's only realistic for intensive ray tracing that requires one of the latest and greatest GPUs.
What ray tracing should be

Read more