Security leak at dreamhost.com

Knowing that a lot of people use DreamHost for their websites, it’s a bit unsettling to see that suspicious activity was detected within one of their databases and, because of that activity passwords have been reset across for FTP, Shell and VPS customer accounts. If you use DreamHost and have not been able to log-in recently, this may explain why. There also is a blog post which is linked from their main site which sheds some more light on the issue but leaves out some important facts, for example whether probably stolen passwords were stored as plain-text or were encrypted.

In the DreamHost spirit of transparency and openness, I’m providing this update on our blog on the security issue yesterday. It’s necessarily pretty dry and factual, unlike most DreamHost posts, but that’s important to communicate as much detail as possible while not disclosing the inner workings of our security defenses. The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords. The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access…..Read more