000Webhost Hacked

The low-cost Web hosting service 000Webhost has been hacked, and it appears it had some revolting security practices. “[Troy] Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user’s plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administer logs. It’s also possible that the site didn’t follow standard industry practices and cryptographically hash the passwords when storing them.”