DreamHost hacked, mass password-reset issued

According to a post on the DreamHost Status Blog, the company has detected a security breach on one of its database servers.

In response to the attack, the company has decided to issue a mass password reset for all of its customers.

More details:

Apparently, the breach occurred in November via the one-click install wizard offered by DreamHost: one click and your whole WordPress / Drupal web site is installed, ready to use, and automatically updated by the wizard. Apparently, it’s the wizard itself that was compromised, and anybody who used it was affected.

DreamHost CEO issued the following statement:

“our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”

In addition to shell and FTP passwords, the company is advising its customers to change their email passwords as well.

There are no reports of mass abuse of the stolen account data so far.
