DreamHost Notifies Customers of Data Breach, FTP Passwords Exposed

DreamHost, a company that hosts more than a million domains, is notifying customers that hackers may have obtained unauthorized access to some of their passwords, advising them to change their FTP/shell access passwords, but also their email passwords.

 “Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users,” reads the letter sent to customers.

DreamHost clients have three types of passwords: a web panel password, used for logging into the administration panel, email passwords, and FTP/shell access passwords. The firm states that only FTP/shell passwords appear to have been compromised, but as a precaution email passwords should be reset as well.

Account holders are also warned that phishing emails may target them as a result of a data breach.

“Note that DreamHost will never ask you for personal or account information in an email. Please exercise caution if you receive any other emails that ask for personal information or direct you to a web site where you are asked to provide personal information,” the advisory email informs.

After digging around a bit, we found a Pastebin document posted on January 18, 2012, that appears to have contained information obtained from webftp.dreamhost.com, but the document has been removed since.

Internet users who own DreamHost accounts are advised to create a new FTP/shell password for them by logging in to the web panel, selecting the Manage Users menu and editing all the passwords.

Since it’s believed that email passwords are not exposed, DreamHost is not enforcing customers to change them, but they are strongly advising this practice as a precaution. In order to change the email passwords, users must access the Manage Email menu and edit the passwords for each email account.
Source: Softpedia

Visitors

Free counters!

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !