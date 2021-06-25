Dreamhost is one of the best-known hosting companies in the world, a company based in Los Angeles that has millions of users, with services of all kinds, being WordPress one of the most popular.

At the beginning of 2021 they had a security problem, and personal names, usernames and email addresses of their customers were leaked.

Now there are more details of said problem. The leaked database contains 815 million records, and includes DreamPress user and administrator information (not passwords).

According to Jeremiah Fowler, an independent cybersecurity researcher who partnered with Website Planet to provide more details on the problem, the stolen information could have been used in attempts to break into users’ accounts using brute force or social hacking, such as sending an email to users telling them to update the password to obtain it with some malicious form, for example.

Another dangerous topic is domain theft. With the user’s private information, the hacker could try to steal the domain, although in that case it is not as simple as getting a password.

According to Fowler, it disclosed the breach in May and DreamHost did not make it public, stating that the data only contained performance metrics from a small number of the sites. Dreamhost claims that the database did not contain personally identifiable information about customers, although Fowler said there were first and last names as well as some middle initials. Fowler added that in a random sample of 10,000 records, .com appeared 99,078 times, .org 11,544 ,. net 11,054 and .us 454, so it is clear that there are a large number of domains affected.

At the moment there is no official information from Dreamhost to its clients. Fowler, on the other hand, as he disclosed his research to Forbes magazine.