000webhost hacked - 13 million passwords leaked

[Flash1997]

This had been happen some week ago but now they are back online, with more security.

[Lt.Bitcoin]

This had been happen some week ago but now they are back online, with more security.

Hello Flash1997,

I opened their website and i think now no one will be going to create an account their. The site doesn't provide any proof that our passwords are secured with them. They should be checked and verified by some group of users whom we can trust at all.

Hope to see them back in business soon, I had an account pwned!
Lt.Bitcoin

[Lauda]

It's a legit dump nevertheless... I found my account inside 

Yes, legit. I verified.

Did you find mine? A fucking 6char password... Damn I was an idiot back then. I think it was 2010. or something.

Not really. As said, I just looked through it I was not looking for anything particular and have already removed the file. Interesting "hard-to-crack" passwords indeed.

This had been happen some week ago but now they are back online, with more security.

They always say "more security" until someone leaks the next set of unencrypted data.

[shorena]

It's a legit dump nevertheless... I found my account inside  

Yes, legit. I verified.

Just curious, what was your password?

-snip-
They always say "more security" until someone leaks the next set of unencrypted data.

The way they handled the person reporting them the leak speaks volumes. They probably run other hosting companies as well, they did some cross promotions on facebook.

-snip-
Interesting "hard-to-crack" passwords indeed.
-snip-

do grep correcthorsebatterystaple

Some of the passwords are actually good though, they look random and have a decent length. Others however... Passw0rd, abc123, lots of keyboard walking.

[Parazyd]

It's a legit dump nevertheless... I found my account inside 

Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know?

You can PM me, I'll give you the dump.

[shorena]

It's a legit dump nevertheless... I found my account inside 

Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know?

You can PM me, I'll give you the dump.

Already got it, thanks.

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

[Lauda]

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.

[ryandanielt]

i guess thats why it was always the smartest thing to not use the same password for every site. I got i think 32 different passwords in my head I use lol

[John (John K.)]

Yep, I found my old account there. It's good that I used a password manager and had unique passwords though

[Decoded]

Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.

[Parazyd]

Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.

Non-related to 000webhost. But, one really awesome host that can be yours (free for one year) is the Amazon EC2. You get root access, and you can do anything you wish with it.
It's really easy to manage, and really easy to use.

[shorena]

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

[Patatas]

That's some sad news.I had an account with webhost for personal stuff trying out my own website design and server side scripts.I did have some sensitive data but doesn't seem to be affected.I had saved my passwords of all crypto related stuff including my gambling website passwords.Nothing of mine seems to be leaked.All ready cleared my data though Thanks!

[Lauda]

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

Ah, that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.

[shorena]

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

So that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.

Yes, this should be done in general and the password should not be easy to guess like e.g. 000webhost or winter123 which is why Password managers are so great.