DreamHost has issued a security warning to all customers as of January 20, 2012 at 9:25am Pacific Time.
Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please login to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information.
When logging into the DreamHost Web Panel, the following warning appears at the top of the page:
Due to some unauthorized activity we detected within one of our databases, we have forced a reset of all FTP/SFTP and shell passwords as a precaution.
Please visit the “Users > Manage Users” tab immediately to change any passwords you may have with us.
You can keep up to date with this issue as it progresses on the DreamHost Status blog at:
There have been numerous updates through the day. Click here for the latest status on DreamHost servers.
Be sure to log-in immediately and change your passwords.
We also strongly suggest you make a complete backup of your website files and databases.
DREAMHOST STATUS UPDATES
Update Jan 21st, 11:00am PST: Password changes are still processing. albeit slowly. At this time we estimate that any password change will take approximately 1-2 hours to fully update in our system. We sincerely apologize for the delay in these changes taking effect. -Oscar