DreamHost, T-Mobile Data Breaches Compromise User Passwords

CIO Insight Staff Avatar

Updated on:

Coming on the heels of the Zappos.com breach, hosting provider DreamHost has reset its customer accounts because of a data breach.

Unknown attackers breached a database server belonging to Web hosting provider DreamHost, the company said Jan. 20. FTP and shell access passwords of some customers may have been compromised.

The company was not specific about exactly what was taken, but pre-emptively reset all Shell and FTP passwords, in the same way that Zappos.com reacted to its recent data breach. Thanks to its "fast action," DreamHost did not see any "unusual malicious activity on customer accounts," the company said.

"While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution," DreamHost posted on its status blog.

The company did not offer any information on what may have happened or what actions it was taking. DreamHost "detected some unauthorized activity within one of our databases," according to the blog post.

Attackers frequently target hosting providers in hopes of getting access to a large number of Websites or large volumes of data at once. Customers often have FTP accounts in order to access their sites and account information. FTP is an outdated protocol and not secure, as none of the traffic is encrypted. FTP passwords can be intercepted as they are transmitted in clear-text.

In the case of the DreamHost breach, having access to those File Transfer Protocol accounts would give attackers access to customer Websites.

Internet users should always make sure they are not reusing passwords on other sites. It’s not enough to just have difficult-to-guess-or-crack passwords; they should also be unique, Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.

"After all, if hackers do have your DreamHost FTP password you don’t want them to be able to log into your email, eBay, Amazon, etc. accounts too," Cluley said.

A group of hackers operating under the "TeaMp0isoN" banner claimed to have stolen login credentials belonging to employees at T-Mobile, the U.S. subsidiary of Deutsche Telekom. The password data was dumped on the Pastebin text-sharing site. There are reports the information was obtained by exploiting SQL injection flaws on t-mobile.com and newsroom.t-mobile.com. T-Mobile said private customer data was never at risk.

Most of the passwords dumped were simple six-digit number codes composed of repeating numbers, such as "112112."

Hacking attacks were responsible for 25.8 percent of data breaches recorded in the Identity Theft Resource Center s 2011 Breach Report. Insider theft accounted for 13.4 percent of the 419 data breaches tracked by the ITRC in 2011.

The activist hacker group Anonymous continued its attack spree to retaliate against the government’s shut down of file-sharing service Megaupload over the weekend. The Website for Universal Music came under attack again, as did the site of its former parent company Vivendi.

The official Website of the French government, Brazilian entertainment sites and several Polish government sites were also hit. Anonymous claimed to have access to servers belonging to the United Nations, Facebook, YouTube, Twitter and various banks and threatened to take them down if Megaupload doesn’t come back online, according to a video released last Thursday. "We are prepared to launch a global blackout of these Websites," the video threatened.

Anonymous also went after CBS with a DNS poisoning attack, according to Twitter messages that appeared Jan. 22. Visitors trying to get to the main page of CBS.com were shown an empty directory structure for any page on CBS.com or received 404 Not Found errors. The main site appeared as a directblank page, as if all the contents on the Web server had been deleted. In actuality, it appears that the attackers managed to modify the Domain Name System record for CBS.com to a different IP address, thus redirecting users to a different Web server.

Anonymous attacked Poland government sites to protest the Anti-Counterfeiting Trade Agreement, an international anti-piracy agreement aimed at creating international standards for intellectual property protection, reported the Associated Press. The United States and other non-EU states have already signed the multi-lateral agreement and Poland is poised to do so.

To read the original eWeek article, click here: DreamHost, T-Mobile Data Breaches Compromise User Passwords

CIO Insight Staff Avatar