Security researcher Paulos Yibelo found at least one account takeover-related client-side vulnerability in Bluehost, Dreamhost, HostGator, OVH, and iPage. The vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers. The information breach could have put millions of customers as well as billions of their sites’ visitors at risk of hacking.
Source: https://thehackernews.com/2019/01/web-hosting-server-security.html