Under Review: 
No Review
Date Breach Made Public: 
January 20, 2012
Brea , CA
United States
California US
Records Breached: 


Breach Total Number: 
Year of Breach: 
Type of organization: 
Type of breach: 

Customers were told to login and change all passwords after unauthorized activity was detected on a database.  There was no evidence initially that customer passwords were taken, but customer passwords were immediately reset after the discovery.

UPDATE (2/07/2012): Hundreds of PHPs (Personal Home Page) have been created in order to redirect users to work-at-home scams. The Russian scam page tricks users into buying a starter kit for a phony internet-based job.  Though Dreamhost took steps to ensure that user web pages could not be stolen by resetting the FTP and shell access passwords of all customers, a number of websites hosted by the company have been hijacked to redirect users to the scam page. An analysis of some of the compromised web pages revealed that the January 20 DreamHost breach may not have been what allowed hackers to access the pages. Hackers had installed backdoor PHP scripts in order to access the pages on December 26.