We received an alert that one of our system APIs have been accessed by an unauthorised 3rd party, which had escalated privileges to internal system (API calls affecting information about Clients), and could potentially execute commands.
We have taken immediate action and secured the API and all related systems, and such access is no longer available.
We are also taking extra precautions and we will be resetting all of the potentially affected client passwords. Such clients will receive an e-mail that their password has been reset.
We will provide further communications and updates on this event in our blog post: https://www.hostinger.com/blog/security-incident-what-you-need-to-know