This post revealed the leak of Dreamhost. 3500 ftp passwords has been stolen and you can’t read any information from Dreamhost’s status or official blog. I am not a customer of Dreamhost. I am happy that I chose bluehost. But this doesn’t mean bluehost won’t be hacked. “Hack” might not be correct because dreamhost didn’t tell how those passwords to be stolen. Maybe that’s an inside job. Of course, they can’t admit if it is because that’s worse than being hacked. We all know ftp password may not only be used for ftp, it could be a password for everything if the user is lazy and is without vigilance.
There is a comment in caydel.com:
They just send a mail to all users who had the password “1234”.
How could Dreamhost know your password? Does that means all passwords are stored without encrypting or decrypting is possible? or many people use “1234” as password and the staff noticed lots of encryption of “1234”.
You can see some ads comments or suggestion of better hosting companies. “Opponent’s leak is benefit.”
LLBB 