Web hosting provider Hostinger disclosed a security incident impacting its platform and users. According to the Hostinger blog post, a threat actor gained access to an internal server, discovered an authorization token for an internal API, and used it to make API calls against a database to retrieve client information. The impacted database contains information on approximately 14 million customers, including usernames, hashed user passwords, customers’ IP addresses, first and last names, and contact information. Hostinger reset all account passwords as a result. Hostinger is providing updates on the breach via a status page.