Slashdot Mirror


Dreamhost FTP/Shell Password Database Breached

New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"

1 of 123 comments (clear)

  1. Re:Not a big deal by Alex+Zepeda · · Score: -1, Flamebait

    The anger and misunderstanding probably comes from the way that DreamHost uses their system status blog to talk down to and make fun of their customers. DH is a mickey mouse operation if I've ever seen one. If they're owning up to the FTP/SSH database being compromised, there's probably more to it. I haven't used DreamHost in almost six years, and I didn't have a hard time talking clients into switching away after their last spate of self-inflicted downtime (and nonchalant manner in which they dealt with intrusive maintenance).

    More to the point, storing hashes of passwords doesn't guarantee security... and there's no indication that they actually stored the passwords in a secure manner.

    --
    The revolution will be mocked