Skip to main content
  1. Home
  2. Computing
  3. News

“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

By

000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

Recommended Videos

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

Please enable Javascript to view this content

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
New Mac Studio release date, price and everything you need to know
Apple Mac Studio with M4 Max and M3 Ultra chips and two Apple Studio Display monitors.

The Apple Mac Studio has always packed a ton of power into a very diminutive block of what feels a lot like solid aluminum. It's designed to look like it's floating in air, and the majority of its ports are in the back and out of the way. There's simply no other desktop machine that takes up so little space and, frankly, looks so great on your desk.

The new model maintains all the best characteristics that makes it one of the best desktops while dramatically increasing the power. The previous generation hadn't yet received the faster GPU and Neural Engine performance, and that's now on tap. It's more expensive than ever, but if you need it, then it looks like it will deliver.
Release date and price
The new Mac Studio was announced on March 5, 2025, and will be available starting on March 12, 2025. That's earlier than many predictions, and very soon after its announcement.

Read more
The new Mac Studio absolutely baffles me in one key way
Apple Mac Studio with M4 Max and M3 Ultra chips and two Apple Studio Display monitors.

Way back when Steve Jobs returned to Apple and saved it from bankruptcy, he implemented his famous product quadrant: Apple should have desktops and laptops for consumers and professionals. These four categories should contain just one of the best Macs each -- no more, no less.

The idea was that you should be able to instantly differentiate each device and know who it’s for and what it does, and it worked incredibly effectively. Yet when I look at the new Mac Studio that Apple unveiled today, I get the feeling that Steve Jobs would be most displeased.

Read more
Google AI Mode will reinvent Search. I’m worried — and you should be, too
Google AI Mode for Search.

Google is pushing forward with more AI into how internet search works. Remember AI Overviews, which essentially summarizes the content pulled from websites, and presents it at the top of the Google Search page?

That error-prone feature is now expanding to the US market, powered by the new Gemini 2.0 AI models. It no longer requires a Google account sign-in, and has opened to users across all age groups. While that is a risky move in itself, Google is giving a similar blanket treatment to the whole Search page with a new AI Mode.

Read more