DreamHost Mistake Leaks 815 Million-Record Database Of Website Owner Data

One of the largest web hosts in the world, Los Angeles-based DreamHost was able to access a huge database that contained names, usernames, and email addresses of customers. A cybersecurity researcher warned this.

DreamHost’s popular service for WordPress websites, DreamPress. The data was stored in a database that contained 815 million records. It also contained administrator and user information for DreamPress. Although the data appears to have been available for at least three years, it is unclear how long. According to Jeremiah Fowler, an independent cybersecurity researcher and partnered with Website Planet (a website for web developers) to reveal the leak, the data could have been combined to attempt to hack into user accounts.

Fowler explained to Forbes that all a criminal needs to do is send an email asking for password updates and sending them to a page cloned. This will capture any passwords the victim might enter. Domain theft is another serious problem. If a criminal has access to the account’s private information, they can steal the domain. This information should be only known by the hosting provider or registrar and the client. Leaked information can create a problem.

One of the largest web hosts in the world, Los Angeles-based DreamHost was able to access a huge database that contained names, usernames, and email addresses of customers. A cybersecurity researcher warned this.

DreamHost’s popular service for WordPress websites, DreamPress. The data was stored in a database that contained 815 million records. It also included administrator information and user information for DreamPress. Although the data appears to have been available for at least three years, it is unclear how long. The data could have been combined to attempt to hack into user accounts, according to Jeremiah Fowler, who is an independent cybersecurity researcher and partnered with Website Planet (a website for web developers) to reveal the leak.

Fowler explained to Forbes that all a criminal needs to do is send an email asking for password updates and sending them to a page cloned. This will capture any passwords the victim might enter. Domain theft is another serious problem. If a criminal has access to the account’s private information, they can steal the domain. The client and the hosting provider should only know this information. Leaked information can create a problem.

Fowler stated that there were first and second names and middle initials in the admin and user account names. Fowler stated that there was a “clear connection to a real individual, their email address, and what websites they subscribe to or own.” He also said: “In a random sampling of 10,000 records, we conducted search queries to domain extensions and can validate these:.com appears 99,078,.org 11,544, and.net 11,054 and.us 454”. This was only a small sample of the 814,709 and 344 total records. This may not accurately reflect the total number of domains.

Fowler reported last week that a similar-sized breach occurred at CVS, a healthcare retail giant. Although the company acted quickly to secure the database, it was just one of many incidents in which large companies have accidentally exposed customers’ data.

- Advertisement -
Avatar photo
Adam Collins
Adam writes about technology, business and economics. With master's degree in Economics, he's presented six papers in international conferences. As a solivagant in the constant state of fernweh, curiosity is the main weapon in his arsenal.

Latest articles

Related articles