13 million passwords compromised in webhost hack


I recall looking at these guys when I was looking for cheap webhosting for a throwaway project. Glad I decided against using them.

Web hosting company storing user pwds in plain text? How do technologically-minded people capable of setting up a web hosting company NOT store passwords with even the smallest touch of security? Rhetorical question and I’m glad I host with somebody else (even though, for all I know, they’re doing the same thing).


000Webhost users

Which means…?

Besides storing all the passwords in cleartext, these guys had also refused to upgrade to newer versions of PHP for some silly reason. Complete incompetents.


They endorse the idea of repealed mathematics?


The NSA really doesn’t need any backdoors at all, do they? Face, meet palm.


I guess I shouldn’t expect much out of a company named 000Webhost, a name designed to appear first in an alphabetical list. If that’s the main driver of new customers (as opposed to reputation, good reviews, good customer support, etc.) I shouldn’t expect technical excellence.

Still, at some point there’s a difference between letting things slip a bit (depending on how old a version of PHP we’re talking about) and gross criminal negligence. There’s no excuse, ever, for storing passwords in plaintext in your database. We’ve known how to cryptographically secure passwords since the 70s. It’s the basics of authentication. “There oughta be a law” is often used for spurious horseshit, but this is completely unacceptable and probably should warrant partial legal responsibility, if not criminal penalties.


Well thank god I made sure my password had an uppercase letter, a lowercase letter, a number and contained no common phrases! To prevent things like this from happening!


Their web-admins don’t believe in hiding information–they’re all about openness and transparency.

Wrong employer?



I was going to question how a not very well known company can have 13 million customers but then I looked at their site and found they offer free web hosting which is “better than paid hosting” apparently. If anyone was wondering how they can survive as a business offering a free service like this, now you know.

Also, I love this from their homepage:

Sign me up!

