In the DreamHost spirit of transparency and openness, I’m providing this update on our blog on the security issue yesterday. It’s necessarily pretty dry and factual, unlike most DreamHost posts, but that’s important to communicate as much detail as possible while not disclosing the inner workings of our security defenses. The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords. The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access.
Early yesterday, one of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it.
Our first priority in this situation is to protect the safety and security of our customers’ websites and information. A quick review of the data potentially accessed indicated that some customers’ FTP and shell access passwords may have been compromised. So we decided to err on the side of caution and immediately initiate a forced reset of all customers’ FTP and shell access passwords, with the aim of preventing any illegal activity on customer websites. All FTP and shell access passwords were reset, and customer notifications were inserted in the web panel and on www.dreamhoststatus.com asking customers to specify new passwords once they’d logged in.
DreamHost has three types of user passwords – a web panel password, FTP/shell access passwords, and email passwords. Web panel passwords and email passwords were not accessed or affected. However we recommended in an update email to customers and their email users late yesterday that they reset their email passwords as well, as a precaution. It’s important to note that NO CUSTOMER BILLING INFORMATION OR OTHER PERSONAL INFORMATION WAS ACCESSED.
Our Security and Software teams have been investigating if any customer sites, apps or blogs have been affected as a result of the intrusion. As yet we have not identified any major issues – potentially as a result of the swift action to force a password reset. We’ll continue to monitor all systems and investigate and assist with any issues if they come up. We’ll all be working hard over the coming days to minimize any impact on customers beyond the password reset.
DreamHost uses a sophisticated suite of security software and constant monitoring that typically prevents any type of illegal access to our systems. In this case, our systems were not able to prevent the unauthorized access, however our intrusion detection system did allow us to respond immediately and minimize customer impact. We’ve already implemented changes to prevent any similar attempted hacks, and we’re performing a rigorous security review including a detailed review of customer input on potential vulnerabilities. Defending against cyber attacks is unfortunately an everyday part of business for Internet companies, so we’re constantly evolving our security measures to prevent them.
Thanks to all our customers for your patience, support and understanding. We acted swiftly to minimize the risks of the intrusion, and we know that changing passwords has caused you inconvenience. Customers who have ongoing concerns can contact our support team through the web panel. And I’ll be posting another update here if further information that can be shared publicly.