Feeds

DreamHost nightmare attack sparks passwords reset

Hackers inappropriately touched customer database

Choosing a cloud hosting partner with confidence

US-based hosting firm DreamHost is advising customers to change their passwords following a database breach.

The firm warned on late on Friday that hackers had compromised customer FTP/shell access passwords. DreamHost began the process of resetting customer passwords over the weekend, a process that hit a few hiccups along the way (if entries on its status update page are any guide). Web panel passwords, email passwords and billing data were not affected by the breach, the company said. These passwords have also been reset as a precaution.

Compromised passwords could potentially be used to change the content of hosted sites or to (more likely) insert malicious code. The motives of the hackers – much less their identity – remains unclear.

In a blog post, DreamHost chief exec Simon Anderson said the company had been hit by a "previously unknown" attack. He attempted to allay fears by saying nothing bad had happened to customers as a result of the breach, possibly because DreamHost reacted quickly once a breach was detected.

"The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords," it said. "The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access.

"Early yesterday, one of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it," he added. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Put down that shotgun: Wi-Fi's the way to beat Zombies
CreepyDOL sensors can pick walkers from humans with MAC snack attack
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.