Dreamhost FTP/Shell Password Database Breached
New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"
>Where? I've been a DH customer for 5 years...
The "forgot my password" link on the webpanel login page (discovered today by virtue of needing to log in to set user passwords again).
You are right that for users within your webpanel account there is no email reset option - you log into the webpanel to set these passwords.
But the webpanel account itself - passwords are emailed in plaintext.