In a blog post, Hostinger, one of the biggest web hosting providers on the internet, said it reset user passwords as a “precautionary measure” following a security breach that may affect up to 14 million users.
On Thursday, the company confirmed that “an unauthorized third-party” gained access to one of its servers. There, the hacker found an authorization token and used it to gain further access to the company’s systems, including an API database. The database contained customer usernames, email addresses, and hashed passwords.
Luckily, no financial data and no customer websites were compromised.
As a result of the breach, the company has upgraded its password hashing algorithm from SHA-1 to the stronger SHA-2.
Additionally, Hostinger said it is in contact with the authorities and is working with “a team of internal and external forensic experts and data scientists to investigate the origin of the incident.”
The company has also set up a status update page where customers can find updates regarding the breach.