1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This popular web hosting service left 800m records exposed online for

    From TechnologyDaily@1337:1/100 to All on Mon Jun 28 17:00:03 2021
    This popular web hosting service left 800m records exposed online for 12 hours

    Date:
    Mon, 28 Jun 2021 15:47:08 +0000

    Description:
    DreamHost left website owners exposed as a maintenance window opened up the opportunity for outsider access.

    FULL STORY ======================================================================

    DreamHost has been outed by a security researcher who discovered around 814 million customer records had been leaked under the web hosting firm's watch.

    A database without password protection that contained the records was found
    by Security Researcher and co-founder of Security Discovery Jeremiah Fowler and the Website Planet research team.

    Fowler claimed, in a report , that the data that was leaked included admin
    and user information for DreamHost's DreamPress WordPress hosting accounts including WordPress login location URL, first and last names, email
    addresses, usernames, roles, host IP addresses and timestamps. Check out the best managed WordPress hosting We've also highlighted the best shared web hosting services available Here's a list of the best website builders on the market

    TechRadar Pro reached out to Dreamhost for a comment and was told that 21 websites were affected, and the only party outside of DreamHost to see this data was a security researcher who worked with the web hosting firm to
    resolve the issue. DreamHost data leak

    The total size of the exposed data was 86.15GB with 814,709,344 total
    records, according to the report Fowler authored.

    While DreamHost acknowledged that those figures were correct, the company denied that the database contained Personally Identifiable Information (PII) of DreamHost customers.

    Instead, the company released a statement about the leaked records and mentioned that the database consisted of object update records, error
    reports, and log entries.

    DreamHost also said the database was only accessible outside of its network for 12 hours during an active maintenance window.

    "A logging database had been used for storing test data related to feature development. This database was not properly configured for authentication. A firewall configuration issue temporarily made this database accessible
    outside of our network," said the DreamHost team.

    To resolve the issue, DreamHost said it corrected the configuration issues resulting in outside accessibility, removed stale testing data and contacted the 21 website owners that were affected. We also have a list of the best small business web host right now

    Via WebProNews



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-popular-web-hosting-service-left-800m-reco rds-exposed-online-for-12-hours/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)