000webhost

In March 2015 the free web hosting provider 000webhost suffered a major security breach that resulted in the exposure of nearly 15 million customer records. The incident occurred due to an exploit in an old version of PHP which allowed attackers to gain access to the database. The leaked information was traded privately for months before becoming public in October 2015. Notably the service was storing passwords in plain text without any encryption or hashing which significantly increased the risk for affected users who reused those credentials on other platforms.