13 Million Passwords Possibly Leaked at 000webhost
In one of the more recent security hacks, it has been reported by the owner of Have I Been Pwned, Troy Hunt, that more than 13 million accounts have been compromised at the free web hosting service, 000webhost.
The records that were compromised consisted of names, email addresses, and plaintext passwords of the services user base. After analysis of the companies security practices, it was found that along with storing passwords in clear text, there were many other security holes and lax policies that are also potential problems for users of the service, one of these including non-secure communications for login page.
The company has recently posted their findings and response to the breach. The breach occured through the exploitation of an older version of PHP which allowed the hacker to upload malicious files to gain access to the system. From there they were able to dump the MySQL database of the user's information and export it.
The initial response from the company was to shutdown the members area of their website and issue password resets to all of their customers. They then have been working to secure the member's area and have been steadily releasing back functionality to their users on a daily basis.
References
Security Week - 13 Million Passwords Leaked From Free Hosting Service000webhost Security Breach - Database Dump Response