DreamHost hacker accessed pool of unencrypted passwords

DreamHost, one of the world’s most popular and well-known web hosting providers, has sent a warning out to its customers saying that one of their databases containing user FTP/shell access passwords has been accessed by unknown attackers.

“There are three different types of passwords at DreamHost: a web panel password (for logging into the panel), email passwords, and FTP/shell access passwords,” explained the DreamHost team. “Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.”

The hosting company immediately reset all FTP/shell access passwords out of precaution, and asked users to create a new one through their DreamHost web panel. It also urged them to change email passwords as well, but hasn’t forced a reset.

DreamHost CEO Simon Anderson took to the official company blog to explain the situation. “Early yesterday, one of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place,” he explained. “Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it.”

After having been prodded by users, he admitted that even though their systems have stored and used encrypted passwords for a number of years, the attacker found a legacy pool of unencrypted FTP/shell passwords in a database table that they had not previously deleted. He claims that no more legacy unencrypted passwords can now be found in their systems.

The company also warned about potential phishing emails that users might receive from attackers posing as DreamHost, and reiterated that the company would never ask them for personal or account information via email.