Here’s What Happened: We were using Hostinger under the assumption that, as a managed hosting provider, they were responsible for securing the server and ensuring its integrity. However, without any prior warning or investigation, our account was abruptly suspended for alleged phishing activity.
We had no idea about any phishing attack. We never engaged in such activities, and if our server was compromised, it was their responsibility to prevent it.
Instead of helping us secure the server, they accused us and immediately took down everything.
They refused to provide proof of the alleged phishing attack, despite multiple requests.
They denied us access to our own data, even for non-suspended domains, which is completely unacceptable.
This sudden suspension caused irreversible damage to our business, resulting in financial losses exceeding $200,000.
Why This is a Serious Issue: Managed hosting means the provider is responsible for security – If a phishing attack happened, it should have been detected and mitigated by them, not used as an excuse to take down an entire account.
No proof was provided – We repeatedly asked them to show us evidence that we were responsible for phishing, but they ignored our requests.
Data loss is catastrophic – Losing all our data without warning, with no access to backups, has crippled our operations. A responsible hosting provider would at least allow users to retrieve their own data.
This could happen to anyone – If they can do this to us, they can do it to any customer, shutting down accounts arbitrarily and refusing to return essential data.
Final Warning to Other Businesses: If you are using Hostinger or considering them, BEWARE. This company will suspend your account without proof, block your access to critical business data, and refuse to provide backups, leading to devastating losses. DO NOT TRUST THEM WITH YOUR BUSINESS.
We are taking legal action against them for this negligence and urge others who have faced similar issues to speak up. If you’re running a serious business, choose a reliable hosting provider that actually protects your data instead of destroying it.
Has anyone else faced something similar? Let’s expose these irresponsible practices before more businesses suffer.
Ticket ID: #225645
I know that most startups don't bother with it, but stories like this are exactly why it matters. You need to plan ahead, have backups of your data under your own control, with documentation of a DR plan to completely rebuild and recover should you, for any reason, lose every single vendor you work with today.
If you don't have that, then you are not truly a stable company. And while you might have delegated responsibility of server security to a vendor, that does not absolve you of overall accountability for what happens to your business.
That said, I think it should also be mentioned that "managed hosting" doesn't mean you don't have to worry about anything. On the backup side it's always a good idea to have one or two offsite backups not at your primary host, if only for disaster recovery.
And on the security side, it's usually a shared responsibility where they might manage some of the network layers and help prevent and mitigate DDOS and such, but there's no managed hosting company that can fully secure your application stack for you. They'd have to audit every line of code in every dependency for every customer, which is impossible. That's usually your own team's responsibility.
Still, that's not to say what they did was right, and they should be working with you to identify and fix the issues instead acting like you are the enemy :( Thank you for the warning. What a terrible experience!
Keep DNS in another account too.
It's also your server it also had your responsibility to ensure that it was protected. Likely it was hacked
Instead of investigating or helping us secure it, they suspended our account without proof and refused to provide backups.
A responsible provider would have detected and mitigated threats proactively—not punished their customers with data loss and financial ruin. This isn’t just negligence, it’s outright reckless.
If you used a SaaS then its a bit different since you could only use an authorised plugin and wouldnt be able to run arbitrary code.
Their TOS [1] was probably something that needed to heavily considered. As for lost data -- #5.7
If your site was exploited in some manner, as a company their IT will just assume the most likely, and blame whatever was installed (I assume a VPS was what was being hosted for your company) was the weak link and subject to being able to be hacked easily.
[1] https://www.hostinger.com/legal/universal-terms-of-service-a...
Having seen unnecessarily unhelpful behaviour like this before, it is infuriating and deserves to be called out.
I will say that the OP seems to have a possibly unrealistic expectation on who is responsible for security. It is very rarely quite as binary as it seems to be being described. I could be wrong, not knowing all the details…
Regardless, it still sounds like Hostinger have done very little to help.
As you point out, we are in the dark as to just what the hosting services were, there's mention of a server but we can only speculate. However the company does point out in their TOS, the customer is responsible for backing up their own data - but saying that we (as non customers) also don't know just how easy they allow the customer to do that.
Getting to the nature of the complaint - Obviously any company such as Hostinger has to position to minimise legal threats as per what they ultimately are responsible for hosting, and would do so by setting up processes to monitor for threats, detection measures such as looking for file fingerprints, possibly by using A.I. in a clever means. They'd also have a process to handle external complaints from people or companies on the web.
I can sort of guess what might have started the ball rolling,[1] (complaints by various domain providers) but that in itself, is not a proof, just that someone did not address those whatever they were issues in a timely manner. The person within Hostinger tasked to deal with the external complaint, given an apparent non reversal a suspended domain with the customer apparently simply ignoring the fact they have a suspended domain; isn't probably going to go to great depths to call in the system admin to confirm. Now they might be wrong given the small number of edge cases where it's all just a mix up or some other honest problem ... how many domains and with how many different providers?
[1] >They denied us access to our own data, even for non-suspended domains
[1] https://themeisle.com/blog/hostinger-pricing/
[2] https://old.reddit.com/r/Hostinger/comments/1jlunm9/beware_o...
> We were hosting Cloud Enterprise top tire server on hostinger and about 70 sites where active on server. All gone including crucial data