During one of our testing (June, 2016) we found a high-severe security issue ( 9 points out of 10) on hosting company Hostinger.com‘s server.
The bug in question gave an ability to a person to access any customer’s personal files and database, that means practically every private information (passwords, emails and etc ).
We reported the issue to Hostinger.com and during the next 2 weeks after the first email, the vulnerability was fixed by them.
Of course, according to their Bug Bounty Program of Hostinger, we were rewarded.
Official records about this problem were removed from internet. However, here you can view fragments of the event:
- https://security.stackexchange.com/questions/128273/hostinger-users-be-aware
- Screenshots: