Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This popular web hosting service left 800m records exposed online for 12 hours

Image Description

DreamHost has been outed by a security researcher who discovered around 814 million customer records had been leaked under the web hosting firm's watch.

A database without password protection that contained the records was found by Security Researcher and co-founder of Security Discovery Jeremiah Fowler and the Website Planet research team.

Fowler claimed, in a report, that the data that was leaked included admin and user information for DreamHost's DreamPress WordPress hosting accounts including WordPress login location URL, first and last names, email addresses, usernames, roles, host IP addresses and timestamps.  

TechRadar Pro reached out to Dreamhost for a comment and was told that 21 websites were affected, and the only party outside of DreamHost to see this data was a security researcher who worked with the web hosting firm to resolve the issue. 

DreamHost data leak 

The total size of the exposed data was 86.15GB with 814,709,344 total records, according to the report Fowler authored.

While DreamHost acknowledged that those figures were correct, the company denied that the database contained Personally Identifiable Information (PII) of DreamHost customers.

Instead, the company released a statement about the leaked records and mentioned that the database consisted of object update records, error reports, and log entries.

DreamHost also said the database was only accessible outside of its network for 12 hours during an active maintenance window. 

"A logging database had been used for storing test data related to feature development. This database was not properly configured for authentication. A firewall configuration issue temporarily made this database accessible outside of our network," said the DreamHost team.

To resolve the issue, DreamHost said it corrected the configuration issues resulting in outside accessibility, removed stale testing data and contacted the 21 website owners that were affected.

Via WebProNews

Date

28 Jun 2021

Sources


Share


Other Blog

  • The Sims 4 is hosting its first in-game musical festival featuring real-life artists

    The Sims 4 will host its first-ever in-game music festival featuring real-life artists Bebe Rexha, Glass Animals and Joy Oladokun.

    Read More
  • Get a 15-inch Acer Nitro 5 with RTX 2060 for $899 thanks to this Black Friday deal

    Get ray-traced gaming for less than $900 thanks to this Black Friday deal on an Acer Nitro 5 gaming laptop.

    Read More
  • Office 365 vs G Suite: What's the best office software?

    Looking for the right productivity software to power your company’s file management system? We compare two of the best productivity apps in the market to help you pick the right one.

    Read More
  • HP's conferencing monitors might be the next big thing to help make WFH bearable

    HP’s E24d G4 and E27d G4 come with webcam, speakers, soundbar.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us