Halloween Hacks

Happy Halloween! The following was originally posted on Facebook.

Important information regarding recent security breach

Got this email from 000webhost this morning. Apparently they just found out they got hacked, and everything was taken. This is my first time hearing about the breach.

I did some research and found this blog post, from a security researcher trying to inform the company of the breach: "Breaches, traders, plain text passwords, ethical disclosure and 000webhost".

It’s horrifying that people still store passwords in plain text at this scale. Even more horrifying that the hack was done in March and it took this long for 000webhost to become aware of it.

The outrageous part is that it took almost an entire week before the author could find a way to disclose the breach to the company. Goes to show that if your organization doesn’t have a secure and easy way to disclose security risks, you won’t find out that you’re hacked until months later.

This happens to have come not a moment too soon, as yesterday I enabled TFA whenever possible and changed passwords. I’m now going to be closing my accounts with all free hosting providers. They happen to be one of the most insecure places on the Internet.

Certainly a spooky tale about infosec, appropriate for today’s holiday. Make sure you secure your data against all those mysterious characters roaming the web.

 