In response to the attack, the company has decided to issue a mass password reset for all of its customers.
Apparently, the breach occurred in November via the one-click install wizard offered by Dreamhost: one click and your whole WordPress / Drupal web site is installed, ready to use, and automatically updated by the wizard. Apparently, it was the wizard itself that was compromised, and anybody who used it was affected.
“our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”
Besides shell and FTP passwords, the company is advising its customers to change their email passwords as well.
There are no reports of mass abuse of the stolen account data so far.