WEB HOSTING FIRM Dreamhost has admitted that its servers were attacked and customers' passwords might have been accessed.
The company has confirmed that its database has been successfully hacked into exposing FTP and shell passwords. Although the security system failed to stop the intrusion it gave warning, enabling swift action to be taken.
Simon Anderson, CEO of Dreamhost said in a blog post, "One of Dreamhost's database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place. Our intrusion detection systems alerted our Security team to the potential hack, and we rapidly identified the means of illegal access and blocked it."
After reviewing the data possibly accessed in the attack the firm realised that users' passwords might have been obtained. In light of this it initiated a forced password reset for all customers to avoid illegal activity on their web sites.
The California-based firm hosts more than one million domains. It said email and web panel passwords were not accessed or affected.
Anderson strongly pointed out that "NO CUSTOMER BILLING INFORMATION OR OTHER PERSONAL INFORMATION WAS ACCESSED."
While attacks of this nature can have a significant impact on a business and its customers, the effects seem to be minimal in this case. Anderson says that so far there have been no major issues identified and changes have already been made to stop a similar attack from occurring. µ