Customers of California-based DreamHost typically get regular updates and notices from their web host provider as part of the company’s ongoing commitment to openness and transparency. But late last week (middle of January 2012) that transparency turned potentially ugly when customers were informed of a potential security breach which may have compromised usernames and passwords. As a result, DreamHost reset the FTP passwords of all clients and informed them of the change in an e-mail notification.
Though the company reassures customers that no data was compromised, the reset was part of a standard security protocol to prevent further damage. DreamHost clients are free to log on to their control panels and enter new FTP passwords as they see fit. However, the company obviously recommends they do not use the same passwords they were using previously. DreamHost officials maintain billing information and e-mail passwords were not affected by the security breach.
In a blog post published this past Saturday (January 21, 2012), Dream Host CEO Simon Anderson wrote, “In the DreamHost spirit of transparency and openness, I’m providing this update on our blog on the security issue yesterday…The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords. The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access.”
Fallout from the breach has been pretty insignificant except for the fact that service was slowed down significantly over the weekend by the large volume of customers logging on to change their passwords. DreamHost reported everything pretty much back to normal by the opening of business on Monday.