Web hosting company Hostinger suffered a security breach on Aug. 23 that allowed an unauthorized third party to gain access to its internal systems.

As TechCrunch reports(Opens in a new window), the server contained the company’s internal system API and associated database, which held customer usernames, email addresses, first names, IP addresses, and hashed passwords. The passwords were protected with the SHA-1 algorithm, but that has been proven to be vulnerable to attack.

In total, about 14 million Hostinger customers(Opens in a new window) had their information stored in the database. Hostinger responded to the breach by resetting all client passwords and sent out an email informing customers they need to select a new password, and preferably a strong one not used anywhere else.

The good news is, Hostinger does not store any payment details on its system as all payments are made through third-party providers. Any financial data the company does hold was stored on a server not accessed during the breach. Website accounts and data was also confirmed as not being accessed.

Hostinger has formed a team of “internal and external forensics experts and data scientists” to investigate the breach which was made possible due to an authorization token being present on the server allowing for access without need of a username or password. The relevant authorities have also been contacted and hopefully they’ll catch whoever gained access. You can see the latest information regarding the investigation on Hostinger’s status page(Opens in a new window).

5 Things You Need to Know About Web Hosting