Web Hoster Dreamhost Hacked, Asks Users To Change Passwords

Martin Brinkmann
Jan 21, 2012
Updated • Sep 3, 2018
Security

After a relatively quiet holiday period, attacks on popular services on the Internet seem to have picked up again. After the Zappos incident a few days ago, it is now the popular web hoster Dreamhost that noticed unauthorized activity within one of the company's databases.

Dreamhost did not provide further details about the incident but mentioned that the company did not find any evidence that customer login information or passwords have been dumped by the attackers.

The company nevertheless decided to reset all FTP and shell user access passwords for all Dreamhost users. This should not be confused with the account password used to log into the Dreamhost site itself though. Dreamhost customers who are using the same passwords for multiple services should change passwords on all of them to eliminate the possibility of unauthorized access to those accounts.

Dreamhost furthermore notes that customers should also change the passwords of all Dreamhost-managed email addresses as soon as possible.

"We have been sending out update emails to every account owner we have, letting them know what happened, and how to proceed from here on out. As a precaution, we advise every user to change all email passwords as well. We are not forcing this change, however, so make sure you take care of that ASAP."

Shell and FTP passwords can be changed in the Manage Users interface, which is accessible on the Dreamhost website.

Dreamhost customers need to click on the edit button next to the FTP or shell user to change the login password for that account.

A company representative noted that neither credit card data nor web panel logins were accessed by the attackers. If you read through all of the 270 or so comments on the Dreamhost blog, you will notice that many customers were quite infuriated about the level of information they received.

Web panel access was not available at all times due to users trying to change their passwords, and rumors spread that Dreamhost was storing passwords in plain text (which was later refuted by a Dreamhost employee who stated that they were hashed).

Let's take a look at what Dreamhost customers need to do right now:

  • Log into the web panel and change FTP, SFTP, MySQL, email and other account passwords. Some passwords have been reset automatically by Dreamhost, which means that they need to be changed anyway to regain access.
  • Change passwords on other accounts if the same password was used for access.

Passwords with a reasonable length should be safe, but it is nevertheless better to make the changes to be certain that the attackers cannot use successfully cracked passwords to gain account or service access. A password manager like KeePass can aid in the creation of secure passwords.

Are you a Dreamhost customer? If so, when did you receive notification about the security incident and what did you experience afterwards?

Publisher
Ghacks Technology News

Comments

  1. SinthiaV said on March 6, 2012 at 5:37 pm

    I was on vacation for a month. When I returned all h*** had broken loose at Dreamhost! People are reporting everything from credit card fraud to Joomla site injections! I personally have had all of my one-click installed WordPress blogs become irrevocably infected. It is a horrorshow!

  2. Meredith Lell said on January 23, 2012 at 10:36 pm

    I have never been hacked. I generate my passwords through my password manager RoboForm; the passwords are very difficult to guess.

  3. skykid said on January 22, 2012 at 2:36 am

    Received the notification in the morning. Changed all passwords – better safe than sorry! There is never a 100% guarantee – on any server – but everyone is aware of that.

  4. Barney said on January 21, 2012 at 8:14 pm

    Notified via email this morning, about 24 hours after they knew. Many people complaining that they still haven’t been notified by email and only found out by happenstance.

    1. Martin Brinkmann said on January 21, 2012 at 9:28 pm

      Wonder what is taking them so long to notify all customers.

  5. Fred said on January 21, 2012 at 8:00 pm

    Haven’t received mine yet. Thanks for the heads up!
