September 24, 2016

Unauthorized Activity Within One of DreamHost’s Databases Prompts Password Resets

(LiveHacking.Com) – DreamHost detected some unauthorized activity within one of its databases over the weekend. And as a precautionary measure it is forcing customers to change their Shell and FTP password. To do this users needed to access the DreamHost web panel and go to “Manage Users”, however the rush of customers wanting to protect their accounts left the web panel overwhelmed with intermittent access for about an hour before DreamHost managed to fix it.

According to DreamHost, its support team handled thousands of password related requests over the weekend and that all mandatory Shell & FTP password resets were completed Friday evening for shared hosting customers and by Saturday for its VPS customers

“Due to the fast action we took to reset passwords, we’re not seeing any unusual malicious activity on customer accounts. Our security software and systems are functioning normally.”

DreamHost subsequently posted a security update in which it revealed that the database was accessed using a zero day exploit however the intrusion detection systems alerted DreamHost’s security team who then identified the means of access and blocked it. After a quick review of the data potentially accessed it appeared that some customers’ FTP and shell access passwords were possibly compromised. This then prompted the hosting company to initiate a forced reset of FTP and shell access passwords.

When asked if DreamHost stores its password in plaintext, Simon Anderson CEO, DreamHost, replied “Our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks