EXECUTIVE SUMMARY:

DreamHost, one of the world’s largest web hosts, accidentally left a database exposed, resulting in the leak of names, usernames and other client data. All in all, a total of 815 million records were threatened.

The exposed data largely appeared to be archived rather than recent. However, it is unclear how long the database remained openly accessible.

Client data theft

Cyber security experts warn that the data could have been weaponized in attempts to crack users’ accounts. A cyber criminal could have sent a phony email to a user, directing the individual to update his/her password, then sending the person to a cloned page that would capture the new login credentials.

In addition, domain theft is a serious risk in this security incident. DreamHost provides web services to clients, and a threat actor could hypothetically attempt to steal clients’ domain names. The leak of this type of information presents challenges for the vendor and clients alike.

Who had access?

The DreamHost breach was first disclosed in May. DreamHost quickly responded and took necessary precautions, removing certain data from public view. The company asserts that only a limited number of customer sites may have experienced compromise. “It [data] was available for approximately 12 hours before being removed,” stated a DreamHost spokesperson.

DreamHost reports that the data was accessed by only a single internet user, a cyber security researcher. This individual had scanned DreamHost’s IP space and alerted the company to his findings.

Exposure, client data

Was any personally identifying information exposed? DreamHost states that the database did not contain any personally identifying information. The leaked data appears linked to under 25 websites and the issue has been handed to the company’s legal team.

Experts appear to disagree with the contention that personally identifying information was not released. One cyber security researcher, Jeremiah Fowler, asserts that first names, last names and some middle initials offered “…a clear connection to a real person, their email, and what websites they own or subscribe to.” He also suggests that “…to say this was a small number of domains may not be fully accurate.”

Customers should take care in selecting domain hosting providers. Keeping business data safe is critical. A breach at a hosting provider often affects its customers too. This can ultimately result in increased costs all around and lost revenue.

Exposed data is valuable for cyber attackers, and affected clients may want to closely monitor systems for any suspicious activity. Social engineering attacks on client groups are common after cyber threat actors obtain information from exposed data and data breaches.

CVS client data leak

This security incident emerged shortly after the same security researcher, Jeremiah Fowler, exposed a similarly sized leak that affected CVS, the retail and pharmaceutical giant. In the CVS case, the company worked swiftly to secure the affected database.

As noted in the CVS case, it’s not just attackers who may be interested in client data; an organization’s competitors may want to quietly leverage the data too.