https://techcrunch.com/2019/01/14/web-hosting-account-hacks/

A security researcher has found, reported, and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet.

In some cases, clicking on a simple link would have been enough for Paulos Yibela, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers — Bluehost, Dreamhost, Hostgator, OVH, and iPage.