Web hosting firm suffers massive password breach
Web hosting specialist DreamHost has become the latest high-profile victim of an online security breach, this time resetting the passwords for all of its customers after detecting suspicious database activity.
"One of DreamHost's database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place," explained chief executive Simon Anderson in a statement posted on the company's website. "A quick review of the data potentially accessed indicated that some customers' FTP and shell access passwords may have been compromised. So we decided to err on the side of caution and immediately initiate a forced reset … with the aim of preventing any illegal activity on customer websites."
Thankfully, Anderson suggested that there did not appear to be any malicious activity on customer accounts following the online security event. Also, neither the web panel passwords or email passwords maintained by DreamHost customers were accessed or affected by the breach and billing information remains confidential.
The company claims to have more than 300,000 customers worldwide, according to Computerworld, and has promised to diligently monitor all accounts. Officials have already debunked a rumor suggesting that the breach has led to a related malware infestation on customer websites.