“Have I Been Pwned?” owner uncovers 13 million plaintext passwords leaked from free webhost

By Justin Pot Published August 24, 2017

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we — guteksk7/Shutterstock

000webhost, which implores users to “forget the stereotype that free hosting is unreliable” on its homepage, may need to re-think that bit of copy.

The free web host, which was both storing and transferring user information in plaintext, has been compromised. Users’ email address, passwords, and IP addresses are all being bought and sold by hackers. Passwords have been reset by the host, but anyone who used their passwords for other sites should change those as well.

Recommended Videos

This took a lot of work to get to the bottom of, hard to fathom hard bad this 000webhost breach is on many levels: https://t.co/xzRxvSTfiZ

— Troy Hunt (@troyhunt) October 28, 2015

Please enable Javascript to view this content

The leak was made public today in an extensive blog post written by web security expert Troy Hunt, who runs the site HaveIBeenPwned. The site lets anyone search a database of known leaks to find out if their personal information has ever been compromised, and occasionally people email him about unknown leaks.

“Hey,” a message Hunt received said, “approximately 5 months ago, a certain hacker hacked into 000webhost and dumped a 13 million database consisting of name, last name, email and plaintext password,”

Hunt looked into the claims, found out they were legitimate, then attempted to contact 000webhot to fill them in (Hunt doesn’t want HaveIBeenPwned to be a service that announces leaks).

Getting in touch with 000webhost, however, proved impossible –he basically got back only generic helpdesk advice. Eventually Hunt asked Forbes journalist Thomas Fox-Brewster for help getting in touch with the company, but they didn’t get back to him either. They did, however, change users’ passwords en masse – without informing anyone why.

Only after Fox-Brewster published an article about the breach, and Hunt published his blog post, did anyone at 000webhost publicly acknowledge the breach. A Facebook post informed users, along with a small note on the company’s website.

“Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed,” the homepage currently says. FTP access is reportedly cut off until November 10.

So, is free hosting reliable? Hunt, for his part, thinks you should be skeptical.

“When you see free or really cheap hosting and wonder why AWS / Azure / et al seem expensive, think of what corners they may be cutting,” he tweeted.

Probably good advice.

Topics

Former Digital Trends Contributor

Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…

Computing

Nvidia celebrates Trump, slams Biden for putting AI in jeopardy

The Nvidia RTX 5090 GPU.

In response to new export restrictions placed on AI GPUs, Nvidia posted a scathing blog criticizing the outgoing Biden-Harris administration. The administration's Interim Final Rule on Artificial Intelligence Diffusion largely targets China with restrictions on AI GPUs, according to Newsweek.

Nvidia disagrees. "While cloaked in the guise of an 'anti-China' measure, these rules would do nothing to enhance U.S. security. The new rules would control technology worldwide, including technology that is already widely available in mainstream gaming PCs and consumer hardware. Rather than mitigate any threat, the new Biden rules would only weaken America’s global competitiveness, undermining the innovation that has kept the U.S. ahead," wrote Nvidia's vice president of government of affairs Ned Finkle.

Computing

This new DirectX feature could completely change how PC games work

A scene from Fortnite running in Unreal Engine 5.

Microsoft has announced that neural rendering capabilities are coming to DirectX soon. Cooperative vector support, as it's called, will lead to "cross-platform enablement of neural rendering techniques," according to Microsoft, and it will usher in "a new paradigm in 3D graphics programming."

It sounds buzzy, but that's not without reason. This past week, Nvidia announced its new range of RTX 50-series graphics cards, and along with them, it revealed a slate of neural rendering features. Neural shaders, as Nvidia calls them, allow developers to execute small neural networks from shader code, running them on the dedicated AI hardware available on Nvidia, AMD, Intel, and Qualcomm GPUs. Microsoft is saying that it will enable these features on all GPUs, not just those sold by Nvidia, through the DirectX API.

Computing

This gaming PC with an RTX 4060 is on sale for $1,000 today

The iBuyPower Trace 7 on a white background.

Best Buy often has some great gaming PC deals, with one highlight available today: Right now, you can buy the iBuyPower Trace 7 gaming PC for $1,000 instead of $1,300. The PC includes the RTX 4060 GPU, so it’s ideal for mid-range gaming. It even comes with a keyboard and mouse, so you only need to make sure you have a screen to add to it. If you’re looking to upgrade your gaming PC for less, here’s what it has to offer.

Why you should buy the iBuyPower Trace 7
You won’t see anything from iBuyPower in our look at the best gaming PCs, but don’t let that discourage you. This is still a good option for those on a budget. This particular model has great hardware for the price. It has an AMD Ryzen 7 5700 CPU teamed up with 16GB of RAM and 1TB of SSD storage. More pivotal for a gaming PC is its graphics card: a GeForce RTX 4060 with 8GB of VRAM.