DreamHost Security Breach



Several days ago, I got 500 Internal Server errors while trying to access my blog and WordPress admin panel, so I immediately sent a ticket to DreamHost’s support staff. Right after that, I accessed DreamHost’s status page to check if there were known issues or problems with the servers or hosting in general. In a recent post, I read one person mention something about an FTP password security breach in DreamHost. I totally forgot about it and I didn’t get to find out what it was all about.

Then earlier today, I received this email from DreamHost:

A very small subset of our user accounts have been compromised due to a security flaw in our web control panel software. We have already notified those of you affected directly via email, aside from dedicated server customers who are being notified right now. If you are not on a dedicated server and you have not gotten an email from us your account has not been compromised and is likely safe. It’s still a good idea to change your ftp and web control panel password as a precautionary measure.

The security flaw allowed the attackers to log into our web panel with the access privileges of another user. From our web panel they were able to access individual user password information. The attackers also attempted to gain access to our central database and billing information but were ultimately thwarted in that attempt. No credit card information or customer personal information was obtained.

After reading this, I went and tried to do a Google search on this incident. I found out that about 3,500 separate FTP account passwords were leaked and used by hackers in an effort to gain access to the database and billing information of DreamHost.

Right at that moment, I logged on to my DreamHost web panel and changed all my passwords. Then I checked my folders and files to see if there were any changes made and also checked if there were files uploaded without my knowledge.

I know of some DreamHost clients who left and moved to a different web host after this incident. Me? I think I’ll stay for now but it does make me think of looking for a better web host just in case I need to move.


Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

4 Comments

  1. JP Habaradas

    June 8, 2007 at 8:10 AM

    @SELaplana – You’re welcome! If those were very important files, I won’t mind how long it would take to back them up. Better safe than sorry. ;)

    Maybe you can get a USB hard drive with a high storage capacity like 500 Gb.

  2. SELaplana

    June 8, 2007 at 12:17 AM

    ah ok. thanks for the advice.

    but i think it will be hard for me to back my files up because it's huge. and i don’t know how much time it will take.

  3. JP Habaradas

    June 7, 2007 at 10:31 AM

    @SELaplana – These things not only happen to DreamHost; they can happen to any web hosting company.

    If you’re worried about losing all your data that you have with your web host, you should have a backup of all your files in your own computer and/or somewhere else in case something happens.

    Good for you. It’s important to have a good and reliable web host. :)

  4. SELaplana

    June 6, 2007 at 9:53 PM

    before, i wanted my blog to be hosted by dreamhost. but i was worried that if something wrong happened i might not recover stuff i uploaded to their server, especially since the host is located somewhere away from me.

    so i decided to let ploghost of Yuga host my blogs. and i have found no problem yet with the hosting services they offer.
