
This popular web hosting service left 800m records exposed online for 12 hours


DreamHost has been outed by a security researcher who discovered around 814 million customer records had been leaked under the web hosting firm's watch.

The records were held in a database without password protection, which was found by security researcher and Security Discovery co-founder Jeremiah Fowler and the Website Planet research team.

In a report, Fowler claimed that the leaked data included admin and user information for DreamHost's DreamPress WordPress hosting accounts, including the WordPress login location URL, first and last names, email addresses, usernames, roles, host IP addresses and timestamps.

TechRadar Pro reached out to DreamHost for comment and was told that 21 websites were affected, and that the only party outside of DreamHost to see this data was a security researcher who worked with the web hosting firm to resolve the issue.

DreamHost data leak 

The total size of the exposed data was 86.15GB with 814,709,344 total records, according to the report Fowler authored.

While DreamHost acknowledged that those figures were correct, the company denied that the database contained Personally Identifiable Information (PII) of DreamHost customers.

Instead, the company released a statement about the leaked records and mentioned that the database consisted of object update records, error reports, and log entries.

DreamHost also said the database was only accessible outside of its network for 12 hours during an active maintenance window. 

"A logging database had been used for storing test data related to feature development. This database was not properly configured for authentication. A firewall configuration issue temporarily made this database accessible outside of our network," said the DreamHost team.

To resolve the issue, DreamHost said it corrected the configuration issues resulting in outside accessibility, removed stale testing data and contacted the 21 website owners that were affected.

Via WebProNews

Date: 28 Jun 2021
