Web host Hostinger says data breach may affect 14 million customers – gpgmail


Hostinger said it has reset user passwords as a “precautionary measure” after it detected unauthorized access to a database containing information on millions of its customers.

The breach is said to have happened on Thursday. The company said in a blog post it received an alert that one of its servers was improperly accessed. Using an access token found on the server, which can give access to systems without needing a username or a password, the hacker gained further access to the company’s systems, including an API database containing customer usernames, email addresses, and scrambled passwords.

Hostinger said the API database stored about 14 million customers records. The company has more than 29 million customers on its books.

“We have restricted the vulnerable system, and such access is no longer available,” said Daugirdas Jankus, Hostinger’s chief marketing officer.

“We are in contact with the respective authorities,” said Jankus.

An email from Hostinger explaining the data breach. (Image: supplied)

News of the breach broke overnight. According to the company’s status page, affected customers have already received an email to reset their passwords.

The company said that financial data wasn’t taken in the breach, nor was customer website files or data affected.

But one customer who was affected by the breach accused the company of being potentially “misleading” about the scope of the breach.

A chat log seen by gpgmail shows a customer support representative telling the customer it was “correct” that customers’ financial data can be retrieved by the API but that the company does “not store any payment data.” Hostinger uses multiple payment processors, the representative told the customer, but did not name them.

“They say they do not store payment details locally, but they have an API that can pull this information from the payment processor and the attacker had access to it,” the customer told gpgmail.

We’ve reached out to Hostinger for more, but a spokesperson didn’t immediately comment when reached by gpgmail.

Related stories:


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Justice Department indicts 80 individuals in a massive business email scam bust – gpgmail


The Justice Department have indicted dozens of individuals accused of their involvement in a massive business email scam and money laundering scheme.

Thom Mrozek, a spokesperson for the U.S. Attorneys Office for the Central District of California, confirmed more than a dozen individuals had been arrested during raids on Thursday — mostly in the Los Angeles area. A total of 80 defendants are allegedly involved in the scheme.

News of the early-morning raids were first reported by ABC7 in Los Angeles.

The 145-page indictment, unsealed Thursday, said the 80 named individuals are charged with conspiracy to commit mail and bank fraud, as well as aggravated identity theft and money laundering.

Most of the individuals alleged to be involved in the scheme are based in Nigeria, said the spokesperson.

But it’s not immediately known if the Nigerian nationals will be extradited to the U.S., however a treaty exists between the two nations making extraditions possible.

U.S. Attorney Nicola Hanna said the case was part of an ongoing effort to protect citizens and businesses from email scams.

“Today, we have taken a major step to disrupt criminal networks that use [business email scam] schemes, romance scams and other frauds to fleece victims,” he said. “This indictment sends a message that we will identify perpetrators — no matter where they reside — and we will cut off the flow of ill-gotten gains.”

These business email compromise scams rely partly on deception and in some cases hacking. Scammers send specially crafted spearphishing emails to their targets in order to trick them into turning over sensitive information about the company, such as sending employee W-2 tax documents so scammers can generate fraudulent refunds, or tricking an employee into making wire transfers to bank accounts controlled by the scammers. More often than not, the scammers use spoofing techniques to impersonate a senior executive over email to trick the unsuspecting victim, or hack into the email account of the person they are impersonating.

The FBI says these impersonation attacks have cost consumers and businesses more than $3 billion since 2015.

Valentine Iro, 31, and Chukwudi Christogunus Igbokwe, 38, both Nigerian nationals and residents of California, are accused of running the operation, said prosecutors.

The alleged fraudsters are accused of carrying out several hundred “overt” acts of fraud against over a dozen victims, generating millions of dollars worth of fraud over several months. In some cases the fraudsters would hack into the email accounts of the person they were trying to impersonate to try to trick a victim into wiring money from a business into the fraudster’s bank account.

Iro and Igbokwe were “essentially brokers” of fraudulent bank accounts, prosecutors allege, by fielding requests for bank account information and laundering the money obtained from victims. The two lead defendants are accused of taking a cut of the stolen money. They then allegedly used illicit money exchanges to launder the money.

Several bank accounts run by the fraudsters contained over $40 million in stolen funds.

The FBI said the agency has seem a large increase in the number of business email scams in the past year targeting small and large businesses, as well as non-profits.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something