Quote:Hey everyone,
There's a significant user base here that uses 000Webhost as an affordable hosting solution. This is a warning to users of their service. To clarify: MyBB has not been compromised.
Please be advised that 000Webhost's database of over 13 million accounts has been compromised and plaintext passwords, along with email addresses and IP addresses, have been leaked.
If you use 000Webhost, find a new hosting provider. 000 ran an outdated PHP version that got exploited in the attack, transferred passwords insecurely via GET parameter after login, and stored passwords in plaintext. 000 is not a safe option (and, frankly, never has been). They're also flat-out unreliable for uptime.
Further, if you reuse the same password or a very similar one with other services, please immediately change them for your security. The database was sold privately before information of the breach was given to 000Webhost this month.
To find out if your information may be compromised due to this breach or any past ones, visit http://haveibeenpwned.com and enter your email address.
Thank you.
Hope nobody had their real passwords on any of the sites related (in case of being part of the DB).
Im glad i use Authenticators on most of my accounts...