Security incident Report
Incident Report for Hostinger International
Resolved
This incident has been resolved.

A Post Mortem will be posted on our Blog.
Posted 3 days ago. Sep 13, 2019 - 14:15 UTC
Monitoring
We are currently monitoring the recently updated internal API infrastructure.
Posted 17 days ago. Aug 30, 2019 - 19:13 UTC
Update
Some customers reported discrepancies due to recent password change. If you cannot login to your panel, please do not hesitate to contact our Customer Success Team, they will be able to help.
Posted 21 days ago. Aug 26, 2019 - 14:45 UTC
Update
We are continuing our internal review, implementing new security procedures and hardening server and network settings.

We are working with internal and external forensics teams to analyse network and server logs.

The API is operational and working as expected.

However we are keeping this incident open while further RCA investigation is ongoing.
Posted 22 days ago. Aug 25, 2019 - 20:20 UTC
Update
We are continuing to investigate this issue.
Posted 23 days ago. Aug 25, 2019 - 09:46 UTC
Investigating
We received an alert that one of our system APIs have been accessed by an unauthorised 3rd party, which had escalated privileges to internal system (API calls affecting information about Clients), and could potentially execute commands.

We have taken immediate action and secured the API and all related systems, and such access is no longer available.

We are also taking extra precautions and we will be resetting all of the potentially affected client passwords. Such clients will receive an e-mail that their password has been reset.

We will provide further communications and updates on this event in our blog post: https://www.hostinger.com/blog/security-incident-what-you-need-to-know
Posted 23 days ago. Aug 25, 2019 - 09:43 UTC
This incident affected: Core Services (Hostinger Internal).