<h1>13 million sets of credentials captured at 000Webhost.com</h1>
<p>Published 2015-10-31 (last modified 2016-08-31) at <a href="https://borncity.com/blog/2015/10/31/13-millionen-zugangsdaten-bei-000webhost-com-erbeutet/">borncity.com</a>. Category: Sicherheit. Tags: Hack, Sicherheit.</p>
<p>The hoster 000Webhost.com was hacked a good five months ago; the attacker or attackers captured 13 million sets of credentials, including unencrypted passwords.</p>
<p>Normally you would say: what do I care if a sack of rice falls over in China or a hoster like 000Webhost.com gets hacked? But this story has several sides, one of them being that I am affected too. Around 2008 or 2009 I experimented with WordPress software at various hosters. 000Webhost.com was one of them, because they offered free web hosting with PHP and WordPress. I shut the project down again quickly, because there (as at other free web hosters) I ran into the resource limits very fast. And if I remember correctly, the user account was locked because I did not log in to it periodically (most free hosters then delete orphaned accounts).</p>
<p>So far, so good. The day before yesterday I read <a href="http://arstechnica.com/security/2015/10/13-million-plaintext-passwords-belonging-to-webhost-users-leaked-online/" target="_blank">the Ars Technica article</a> reporting that the hoster had been hacked. The information came from the Australian security researcher Troy Hunt, who had been passed the data. Yesterday heise.de <a href="http://www.heise.de/newsticker/meldung/Nach-000webhost-Hack-13-Millionen-Nutzerdaten-im-Umlauf-2866249.html" target="_blank">reported on the case</a> as well.</p>
<ul>
<li>Ugly thing number 1: the folks stored the passwords of customer accounts in plain text in a database.</li>
<li>Ugly thing number 2: outdated PHP versions were in use, so a known vulnerability could be exploited for the hack.</li>
<li>Ugly thing number 3: even ancient accounts whose web space had long since been deleted were still sitting in their database, complete with usernames, e-mail addresses and passwords.</li>
</ul>
<p>How do I know? The following mail reached me yesterday.</p>
<hr />
<p><strong><em>Important information regarding recent security breach</em></strong></p>
<p><strong><em>What happened?</em></strong></p>
<p><em>A hacker used an exploit in an old PHP version that we were using on our website in order to gain access to our systems. Data that has been stolen includes usernames, passwords, email addresses, IP addresses and names.</em></p>
<p><em>Although the whole database has been compromised, we are mostly concerned about the leaked client information.</em></p>
<p><strong><em>What did we do about it?</em></strong></p>
<p><em>We have been aware of this issue since 27th of October and our team started to troubleshoot and resolve this issue the same day, immediately after becoming aware of this issue.</em></p>
<p><em>In an effort to protect our users we have temporarily blocked access to systems affected by this security flaw. We will re-enable access to the affected systems after an investigation and once all security issues have been resolved. Affected systems include our website and our members area. Additionally we have temporarily blocked FTP access, as FTP passwords have been stolen as well.</em></p>
<p><em>We reset all users' passwords in our systems and increased the level of encryption to prevent such issues in the future.</em></p>
<p><em>We are still working around the clock to identify and eliminate all security flaws. We will get back to providing the free service soon. We are also updating and patching our systems.</em></p>
<p><strong><em>What do you need to do?</em></strong></p>
<p><em>As all the passwords have been changed to random values, you now need to reset them when the service goes live again.<br />
DO NOT USE YOUR PREVIOUS PASSWORD.<br />
PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD FOR OTHER SERVICES.</em></p>
<p><em>We also recommend that you use Two Factor Authentication (TFA) and a different password for every service whenever possible. We can recommend the Authy authenticator app and the LastPass password manager.</em></p>
<p><strong><em>We are sorry</em></strong></p>
<p><em>At 000webhost we are committed to protecting user information and our systems. We are sorry and sincerely apologize that we didn't manage to live up to that.<br />
At 000webhost our top priority remains the same: to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together.<br />
Our leadership team will closely monitor this issue and will do everything possible to earn your trust every day.</em></p>
<p><em>Sincerely,<br />
000webhost CEO,<br />
Arnas Stuopelis</em></p>
<hr />
<p>Shows once again that you should not create user accounts with every Tom, Dick and Harry unless you need to. Your credentials may still be floating around there years later, even when the account has long since expired.</p>
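<p>To make "ugly thing number 1" concrete, here is an added example of my own; it is not code from this blog or from 000webhost. It puts a credentials table kept in plain text next to one that stores only a per-user random salt and a PBKDF2-HMAC-SHA256 digest, checks what a raw table dump reveals in each case, and finally does what the breach notice describes: overwrites the stored credential with a random value so the leaked one no longer logs in. The class and function names, the sample user and password, and the KDF and iteration count are assumptions made for illustration, not anything the post or 000webhost specifies.</p>

```python
"""Plaintext credential storage beside salted, iterated hashing.

Added example, not the blog's or 000webhost's code. Store classes, names
and sample credentials are constructed for illustration.
"""
import hashlib
import hmac
import os
import secrets


class PlaintextStore:
    """Hypothetical store that keeps passwords verbatim (the 000webhost case)."""

    def __init__(self):
        self.rows = {}  # username -> password exactly as the user typed it

    def register(self, user, password):
        self.rows[user] = password

    def verify(self, user, password):
        return self.rows.get(user) == password

    def dump(self):
        """What an attacker who can read the table gets: ready-to-use logins."""
        return dict(self.rows)


class HashedStore:
    """Hypothetical store: per-user salt + PBKDF2-HMAC-SHA256 + constant-time compare."""

    ITERATIONS = 200_000  # assumed work factor; raise it on faster hardware

    def __init__(self):
        self.rows = {}  # username -> (salt, digest)

    @classmethod
    def _kdf(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, cls.ITERATIONS)

    def register(self, user, password):
        salt = os.urandom(16)  # fresh salt per user: no shared precomputed table
        self.rows[user] = (salt, self._kdf(password, salt))

    def verify(self, user, password):
        row = self.rows.get(user)
        if row is None:
            self._kdf(password, b"\x00" * 16)  # same cost for unknown users
            return False
        salt, digest = row
        return hmac.compare_digest(self._kdf(password, salt), digest)

    def dump(self):
        """What the same attacker gets here: salts and digests, no passwords."""
        return {u: (s.hex(), d.hex()) for u, (s, d) in self.rows.items()}


def dump_reveals_password(store, user, password):
    """True if the raw table contents expose the user's password as stored."""
    return password in str(store.dump().get(user))


def reset_to_random(store, user):
    """What the breach notice says was done afterwards: replace the stored
    credential with a random value so the leaked password is useless."""
    store.register(user, secrets.token_urlsafe(32))


def demo(store):
    """Run one constructed user through register / verify / leak check / reset."""
    user, password = "alice", "correct horse battery staple"  # constructed sample
    store.register(user, password)
    result = {
        "login_ok": store.verify(user, password),
        "wrong_pw_rejected": not store.verify(user, "hunter2"),
        "unknown_user_rejected": not store.verify("nobody", password),
        "dump_reveals_password": dump_reveals_password(store, user, password),
    }
    reset_to_random(store, user)
    result["old_pw_dead_after_reset"] = not store.verify(user, password)
    return result


if __name__ == "__main__":
    for name, store in (("plaintext", PlaintextStore()), ("hashed", HashedStore())):
        print(name, demo(store))
```

<p>Both stores authenticate identically from the user's point of view; the difference only shows in <code>dump()</code>, which is exactly the view the attacker had of the 000webhost database. The hashed store also runs the KDF for unknown users and compares digests in constant time, so login timing does not reveal which usernames exist.</p>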