DreamHost database hacked: Change your FTP/shell access and email passwords

Web hosting provider DreamHost reset all 300,000 FTP and shell access passwords after hackers breached a database. DreamHost advises changing your FTP/shell access and email passwords.

Anonymous may have launched massive Megaupload revenge DDoS attacks against DOJ, FBI, MPAA and RIAA websites, but sadly even stating a "deep-seated moral opposition" and denouncing SOPA doesn't keep a site from being hacked. Web hosting service provider and domain name registrar DreamHost suffered a database breach on Friday and reset all 300,000 customers' FTP and shell access passwords. On January 21, DreamHost sent an email stating, "Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users." All customers are advised to change their FTP/shell access passwords immediately, and although "web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed," the company "strongly" recommended changing your email password as a "precaution."

According to the DreamHost blog, "One of DreamHost's database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it."

Although the DreamHost status page marked the issue as "resolved," there are currently 598 responses to "changing shell/FTP passwords due to security issue." Some of those customers expressed difficulties accessing the web panel or a prolonged delay while waiting for the password change to work. Other folks complained about suffering with malware-infected sites for months after allegedly using the DreamHost one-click install wizard to set up WordPress or Drupal. One has to wonder if the security issue of embedded malware on some sites has more to do with customers not keeping WordPress updated.

Sucuri Research Blog reported that it has cleaned "quite a few of these websites and most of them were infected through outdated software installed by the customer. The important note to take here is it's crucially important to ensure you're keeping your sites updated. Remember, security is everyone's responsibility. If you're running a website you have a responsibility to your readership, customers, and the online world in general." Sucuri offers a free malware and blacklist scan.

DreamHost CEO Simon Anderson gave these additional details, "Our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We've now confirmed that there are no more legacy unencrypted passwords in our systems. And we're investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though). Re your shell accounts, I'd suggest that you select a new password just to be sure."

Despite seeing one hack after another, password reuse is still a rampant problem. DreamHost customers who used that same password elsewhere should change it immediately before hackers can compromise those other accounts. Software architect and Microsoft MVP Troy Hunt advised "The only secure password is the one you can't remember."
