000Webhost
| Primary URL | Location | Industry | 000webhost[.]com |
Country
Lithuania
|
Technology
|
|---|
Profile
000Webhost operates as a free web hosting provider, offering customers the ability to publish websites without charge. The company is headquartered in Lithuania and is affiliated with a parent organisation that later issued a public apology following a major security incident. Its service attracted a substantial user base, as evidenced by the exposure of approximately 13.5 million customer credentials in a single breach incident. The platform primarily served individuals and small projects seeking no‑cost hosting solutions, positioning itself within the broader market of free online presence tools. While the exact scale of its active user community is not disclosed beyond the breach figures, the incident indicates a notable reach across its user demographic. The provider’s core offering centered on enabling users to deploy web content without financial barriers, a model that distinguished it from paid hosting competitors.
The 2015 breach revealed several distinguishing security shortcomings that contrasted with industry best practices. Credentials were stored in plaintext, and signup pages transmitted usernames and passwords visibly in browser address bars, exposing them to interception. Underlying forum software was outdated and contained known vulnerabilities that were exploited to gain unauthorized access. Despite repeated notifications from security researchers and the media, the organisation initially ignored warnings, later opting to silently reset passwords without direct user communication and removing social media posts that discussed the security concerns. After public disclosure, the company acknowledged the exploit, temporarily disabled certain functionalities, and implemented password resets using enhanced encryption. Its parent firm engaged law enforcement, asserted that premium services remained unaffected, and advised all affected customers to change their credentials. These events highlighted a gap between the provider’s free service model and the security measures expected to protect user data at scale.