Attackers were able to compromise a database at DreamHost, a large hosting provider, late last week and the company is forcing all of its customers to change their passwords for their FTP and shell accounts as a precautionary measure.
DreamHost did not provide many details about what happened in the incident, only saying that they “detected some unauthorized activity within one of our databases.” The company, which is based in Brea, Calif., said that it doesn’t have any evidence that the customer password database itself was accessed and the passwords were compromised, it is pushing through a process to change all of the passwords. The password change process was completed over the weekend.
Any DreamHost customer should, at this point, have had their password for their account changed. Some customers may have had their passwords changed twice, in fact, because of a glitch.
“Also, at some point after the initial notification went out asking customers to reset their passwords went out, the passwords were reset again. Unfortunately, we had no way of telling which passwords were already changed, so to be safe we forced out another change. If you changed your password and it stopped working again, this is likely the reason,” the company said in a blog post.
Hosting providers such as DreamHost have become frequent targets for attackers, who favor the providers for their large number of customers and the possibility of compromising a huge swath of sites or data at one time. Hosting companies often use FTP as a method for customers to access their sites and account information, and compromising the passwords for those FTP accounts would be a nice haul for an attacker. Such incidents have not been uncommon in recent years.