Got a dreamhost account? W00PS! 3500 passwords leaked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Got a dreamhost account? W00PS! 3500 passwords leaked

    It seems a lot of dreamhost customers received this email

    Originally posted by Dreamhost
    From: DreamHost Security Team
    Subject: URGENT: FTP Account Security Concerns…
    Hello -
    This email is regarding a potential security concern related to your
    ‘XXXX’ FTP account.
    We have detected what appears to be the exploit of a number of
    accounts belonging to DreamHost customers, and it appears that your
    account was one of those affected.
    We’re still working to determine how this occurred, but it appears
    that a 3rd party found a way to obtain the password information
    associated with approximately 3,500 separate FTP accounts and has
    used that information to append data to the index files of customer
    sites using automated scripts (primarily for search engine
    optimization purposes).
    Our records indicate that only roughly 20% of the accounts accessed -
    less than 0.15% of the total accounts that we host - actually had
    any changes made to them. Most accounts were untouched.
    We ask that you do the following as soon as possible:
    1. Immediately change your FTP password, as well as that of any other
    accounts that may share the same password. We recommend the use of
    passwords containing 8 or more random letters and numbers. You may
    change your FTP password from the web panel (“Users” section, “Manage
    Users” sub-section).
    2. Review your hosted accounts/sites and ensure that nothing has been
    uploaded or changed that you did not do yourself. Many of the
    unauthorized logins did not result in changes at all (the intruder
    logged in, obtained a directory listing and quickly logged back out)
    but to be sure you should carefully review the full contents of your
    account.
    Again, only about 20% of the exploited accounts showed any
    modifications, and of those the only known changes have been to site
    index documents (i.e. ‘index.php’, ‘index.html’, etc. - though we
    recommend looking for other changes as well).
    It appears that the same intruder also attempted to gain direct
    access to our internal customer information database, but this was
    thwarted by protections we have in place to prevent such access.
    Similarly, we have seen no indication that the intruder accessed
    other customer account services such as email or MySQL databases.
    In the last 24 hours we have made numerous significant behind-the-
    scenes changes to improve internal security, including the discovery
    and patching to prevent a handful of possible exploits.
    We will, of course, continue to investigate the source of this
    particular security breach and keep customers apprised of what we
    find. Once we learn more, we will be sure to post updates as they
    become available to our status weblog:
    http://www.dreamhoststatus.com/
    Thank you for your patience. If you have any questions or concerns,
    please let us know.
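
Step 2 of the email asks customers to review their sites for changes, and says the known modifications were data appended to index documents. The sketch below is an added example, not part of the original post or anything DreamHost published: it walks a local copy of a site and lists index files that were modified inside a chosen time window or that carry content after the closing `</html>` tag. The function names, the file-name pattern and the "content after `</html>`" heuristic are assumptions made for illustration.

```python
import os
import re
import sys
import time

# Assumed set of "index documents"; the email names index.php and index.html.
INDEX_RE = re.compile(r"^index\.(php|html?|shtml)$", re.IGNORECASE)
CLOSE_HTML_RE = re.compile(rb"</html\s*>", re.IGNORECASE)


def trailing_bytes_after_html(data: bytes) -> bytes:
    """Return non-whitespace bytes found after the last </html> tag."""
    matches = list(CLOSE_HTML_RE.finditer(data))
    if not matches:
        return b""  # no closing tag, so "appended after it" cannot be judged
    return data[matches[-1].end():].strip()


def review_index_files(root: str, since_epoch: float):
    """List index documents under root that deserve a manual look.

    Returns sorted (path, reasons) pairs. A hit is a prompt to diff the file
    against a known-good copy, not proof of tampering: a legitimate template
    can end with a trailing PHP block, and mtime can be reset by an intruder.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not INDEX_RE.match(name):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if os.path.getmtime(path) >= since_epoch:
                reasons.append("modified-in-window")
            with open(path, "rb") as fh:
                if trailing_bytes_after_html(fh.read()):
                    reasons.append("content-after-</html>")
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    window_start = time.time() - 7 * 86400  # last 7 days; adjust as needed
    for path, reasons in review_index_files(site_root, window_start):
        print(path, ", ".join(reasons))
```

Because the email recommends looking for other changes as well, a comparison against a backup taken before the incident remains the stronger check.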


  • #2
    Ouch!



    • #3
      oooo.... not good for them aye mate?



      • #4
        I didn't get one, so I think I'd be okay for the time being... But it's certainly time to change a password there as I haven't done so for quite some time now.
        Best Regards,
        Andy Huang



        • #5
          Ooooh, at least they told everyone about it. A lot of places would probably try to cover it up.



          • #6
            I wonder how many people would leave them over this issue?



            • #7
              Originally posted by FreshFroot_
              I wonder how many people would leave them over this issue?
              I would have cancelled my account already.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API - Full / Mobile
              Vote for your favorite feature requests and the bugs you want to see fixed.



              • #8
                It would appear the dream popped.
                ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
                Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment



                • #9
                  I honestly like the fact they balled up to this. Something I have seen with many hosts is the need to flower and cover things up. No technology is flawless, but they are trying real hard.



                  • #10
                    One thing with Dreamhost, they do keep you in the know and you can't grumble at that. I used them for a short while, but as I generally run UK based sites it was too slow for me.
                    Aviation Web: http://www.aviationweb.net/



                    • #11
                      Despite going public (probably because it became public) doesn't mean it's fully accurate. Nobody's recounting the amount, and they still don't know what happened (so it can happen again?). Yes, I think it is cool they went public and played honest. I just hope it is less scary than it sounds.
