Happy Halloween! The following was originally posted on Facebook.
Got this email from 000webhost this morning. Apparently they just found out they got hacked, and everything was taken. This is my first time hearing about the breach.
I did some research and found this blog post from a security researcher trying to inform the company of the breach: "Breaches, traders, plain text passwords, ethical disclosure and 000webhost"
It’s horrifying that people still store passwords in plain text at this scale. Even more horrifying that the hack was done in March and it took this long for 000webhost to become aware of it.
The outrageous part is that it took almost an entire week before the author could find a way to disclose the breach to the company. Goes to show that if your organization doesn’t have a secure and easy way to disclose security risks, you won’t find out that you’re hacked until...