• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   Data breach prompts DreamHost to reset customer passwords

Data breach prompts DreamHost to reset customer passwords

  • Posted on:February 8, 2012
  • Posted in:Current News, Privacy & Policy
  • Posted by:
    Trend Micro
0

DreamHost, a web hosting service boasting more than 300,000 customers, initiated a forced reset of user passwords earlier this week after discovering a potentially harmful network intrusion.

"The bad news is that we detected access to one of our databases and took rapid action to protect customer accounts and passwords," explained chief executive Simon Anderson in a letter to customers. "The good news is that it does not appear that any significant malicious activity has occurred on any customer accounts as a result of the illegal access."

According to Anderson, DreamHost's database servers were illegally accessed as a result of a zero-day exploit. Further data security analyses provided by detection intrusion mechanisms determined that customers' File Transfer Protocol (FTP) and shell access passwords were the only records exposed to the danger. Anderson stressed that transactional data, billing addresses and personal information were neither accessed nor obtained in the attack.

The email and web panel passwords required to manage customer sites were left unaffected, prompting company officials to manually reset only the FTP and shell access passwords. However, customers were advised to refresh their login credentials on their own, particularly if passwords had been recycled and used across multiple online accounts.

The company will continue to monitor customer accounts for any further signs of suspicious activity, according to PCWorld. Early reports suggested that the data breach may have led to a rash of malware infestations across customer websites, but an independent security firm debunked that assertion by noting that outdated software solutions deployed by customers were the more likely source of vulnerability.

It appears as though effective network monitoring and swift intervention may have saved the day for DreamHost, although the situation is still developing. These lessons may be particularly valuable across industries at a time when cyberattacks and data breaches show no signs of slowing down.

According to the Identity Theft Resource Center, hacking attacks were responsible for one out of every four data breaches recorded in 2011, representing a five-year high. When combined with the prevalence of insider threats, the two malicious strategies accounted for nearly 40 percent of all incidents reported last year.

With the rise of mobile and cloud computing sending data to a greater variety of endpoints and stretching the network perimeters to a global scale, information security experts suggest it may be more worthwhile to bolster data-level protections. Instead of struggling to detect abnormal traffic patterns, many are focusing on locking down data before it is exchanged.

Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. Data breach prompts DreamHost to reset customer passwords
  2. Zappos, Amazon facing lawsuit over data breach
  3. Yahoo Breach: It’s Time to Keep Those Passwords Safe
  4. Best Buy suffers second data breach in a month

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, ę—„ęœ¬, ėŒ€ķ•œėÆ¼źµ­, å°ē£
  • Latin America Region (LAR): Brasil, MĆ©xico
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Ɩsterreich / Schweiz, Italia, Š Š¾ŃŃŠøŃ, EspaƱa, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.