Halloween Hacks

Happy Halloween! The following was originally posted on Facebook.

Important information regarding recent security breach

Got this email from 000webhost this morning. Apparently they just found out they got hacked, and everything was taken. This is my first time hearing about the breach.

I did some research and found this blog post, from a security researcher trying to inform the company of the breach: Breaches, traders, plain text passwords, ethical disclosure and 000webhost

It’s horrifying that people still store passwords in plain text at this scale. Even more horrifying that the hack was done in March and it took this long for 000webhost to become aware of it.

The outrageous part is that it took almost an entire week before the author could find a way to disclose the breach to the company. Goes to show that if your organization doesn’t have a secure and easy way to disclose security risks, you won’t find out that you’re hacked until months later.

This happens to have come not a moment too soon, as yesterday I enabled TFA whenever possible and changed passwords. I’m now going to be closing my accounts with all free hosting providers. They happen to be one of the most insecure places on the Internet.

Certainly a spooky tale about infosec, appropriate for today’s holiday. Make sure you secure your data against all those mysterious characters roaming the web.

 