Earlier this morning, the web hosting company DreamHost issued a very serious warning to all of its hosting customers:
“Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please login to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information.”
As a result, all FTP passwords need to be reset, and the reset is mandatory. According to DreamHost’s status blog, the company detected “unauthorized activity within one of [the] databases”.
This means that someone or something was poking around where they were not supposed to be. They were not careful enough (and/or DreamHost had enough protections and measures in place) that DreamHost could see that something was up! It is kinda like when Mom discovers the kids were in the cookie jar!
The good news is that, according to DreamHost, they “don’t have evidence that customer passwords were taken at this time”.
As mentioned above, however, DreamHost is making everyone reset and change their password for all Shell/FTP accounts.
Please be aware that these are NOT the accounts that most people use to log in to their billing account, but the accounts that you use to access your website.
REGARDLESS of what hosting company you use, you should change your passwords every 90 days at a minimum! And when you do change them, make sure you are not using one password for ALL your accounts!
Eric Mann says
Of course, I would strongly encourage customers to use an application like 1Password to generate (and keep track of) strong passwords. This goes both for account management *and* FTP credentials.
Paul says
Absolutely, Eric! Personally, I use LastPass and have used RoboForm in the past as well. Keep those passwords STRONG!