Web hosting service Hostinger has reset client passwords after a third party gained unauthorized access to a server holding data on 14 million customers.
The intruder had access to emails, hashed passwords, first names, IP addresses and other non-financial data, the company says in a blog post published on Sunday.
However, websites, domains and hosted emails were not affected.
The firm was informed of the breach on Friday via an international alert. It has alerted customers and authorities, while assembling “a team of internal and external forensics experts and data scientists to investigate the origin of the incident and increase security measures of all Hostinger operations,” it says.
The firm explains that the server “contained an authorization token, which was used to obtain further access and escalate privileges to our system RESTful API Server.”
It adds: “This API Server is used to query the details about our clients and their accounts.”
Hostinger advises users to “avoid clicking on the links or downloading attachments from suspicious emails.”