Web Host's Unencrypted Passwords Hacked

DreamHost Resets Passwords for All Customers
Web Host's Unencrypted Passwords Hacked

Web-hosting provider DreamHost reset all FTP/shell passwords for its customers after a hacker gained access to certain unencrypted passwords. The company hosts more than 1 million domains.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

In a blog post, CEO Simon Anderson explains that on Jan. 20, a hacker discovered a legacy pool of some unencrypted FTP/shell passwords in a database table that had not been deleted. "We've now confirmed that there are no more legacy unencrypted passwords in our systems," Anderson says.

DreamHost has more than 1,500 servers and 100 employees.

The company's intrusion-detection system detected the incident and alerted the security team, which identified the means of illegal access and blocked it, Anderson says. As a result, all customers' FTP/shell passwords were reset.

No web-panel passwords or e-mail passwords were accessed or affected, Anderson says, and no customer billing information or other personal information was accessed.

So far, no malicious activity has occurred as a result of the breach, Anderson reports.

DreamHost also has responded to the breach by implementing changes to prevent similar attempted hacks, the CEO says. And it's performing a security review, including a detailed review of customer input on potential vulnerabilities.

"Defending against cyber attacks is unfortunately an everyday part of business for Internet companies, so we're constantly evolving our security measures to prevent them," Anderson says.

DreamHost has created a web page to inform customers about updates and actions being taken in response to the data breach.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.