000Webhost Finally Admits Massive User-Data Hack
It’s hardly a secret that when it comes to web hosting, bargain-basement isn’t always best. Quite to the contrary in fact as when it comes to general performance, customer service, reliability and so on and so forth, you get what you pay for…it’s as simple as that. Which in turn means that if you aren’t paying anything at all, you can’t expect a great deal.
The thing is though, when you find yourself with all manner of freebies being pretty much waggled in your face, it’s often hard to say no. After all, even if what you get out of the deal isn’t much at all, you really can’t complain given the price – or lack thereof. Or at least that’s how it appears on the surface, though as we’ve once again learned this week in a rather painful lesson from "free" web hosting company 000Webhost, freebies have the potential to be costlier than you realise.
The long and short of it is pretty brutal…and scary to say the least…as 000Webhost has confirmed that the private data of some 13 million customers have been well and truly stolen. 13 million being a pretty hefty number by anyone’s reckoning – all such customers having just found out that their names, email addresses and passwords have fallen into very wrong hands indeed. And just for the record, this was no exercise in pointing out the clearly inappropriate security level over at 000Webhost. Instead, reports suggest that the information is already being sold and distributed on the black market.
Of course at this point you might be wondering what all the fuss is about. Free site, free service and no financial details – why worry about the info going astray? In a nutshell – it’s all about the fact that pretty much every web user out there…if we’re honest…uses the same password for multiple accounts. Meaning that once they have your login details for one site or service, chances are they’ll have easy access to a bunch of your other accounts and services.
What’s worst of all in this instance however is how the hack itself reportedly took place no less than five months ago. As such, those who ripped off all this data have had a pretty epic free-run during which the rightful owners of the data won’t have known they were in any kind of danger…and should be changing their passwords. Those who follow the ‘one password, one account’ rule having nothing to worry about, the rest not coming out quite so favourably.“A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information,” the site finally explained.
They also confirmed their changing of every single member password as of October 15, though suffice to say in the eyes of a fair few, it’s all too little too late.
Of course it’s not to say that every single free hosting service on the web should be written off as downright dangerous. But at the same time, it does certainly call into question how much/little effort is made to protect the accounts of subscribers who are actually paying a penny for the privilege.