This popular web hosting service left 800 million records exposed online

DreamHost was exposed by a security researcher who discovered that around 814 million customer records had been leaked under the surveillance of the web hosting company.

A database without password protection was found by Jeremiah Fowler, co-founder of Security Discovery, and the Website Planet research team.

In a report, Fowler claimed that the leaked data included administrator and user information for DreamHost’s DreamPress WordPress hosting accounts, such as login location, first and last names, email addresses, surnames user IDs, roles, host IP addresses, and timestamps.

Tech Radar Pro contacted Dreamhost for comment and was told that 21 websites were affected, and the only party outside of DreamHost to see this data was a security researcher who worked with the web hosting company to resolve the issue.

DreamHost Data Leak

The total size of exposed data was 86.15 GB with 814,709,344 records in total, according to the report compiled by Fowler.

While DreamHost acknowledged that these numbers were correct, the company denied that the database contained personally identifiable information (PII) from DreamHost customers.

Instead, the company released a statement about the leaked records and mentioned that the database consisted of object update records, error reports, and log entries.

DreamHost also said the database was only accessible outside of its network for twelve hours during an active maintenance window.

“A logging database had been used to store test data related to feature development. This database was not properly configured for authentication. A firewall configuration issue temporarily rendered this database of data accessible outside of our network,” the DreamHost team said.

To resolve the issue, DreamHost said it fixed configuration issues causing outdoor accessibility, removed outdated test data, and contacted all 21 affected website owners.

Going through WebProNews

James S. Joseph