Web hosting service DreamHost has leaked a staggering 814 million customer records, including WordPress admin information.
DreamHost is one of the biggest and most popular web hosting services, with some 1.5 million sites. Security researcher Jeremiah Fowler, in connection with Website Planet, found an unprotected database containing records for the time period between 3/24/2018 to 4/16/2021.
According to Fowler, the database contains sensitive information, including admin information for WordPress sites.
The exposed records revealed usernames, display names, and emails for WordPress accounts. The monitoring and file logs exposed many internal records that should not have been publicly accessible. They were structured as roles, ID, display name, email, and other account related information.
There’s still much unknown about the leak, including how long the data was available, who else may have accessed it and whether DreamHost has notified customers. DreamHost did, however, acknowledge the leak and has passed it to their legal team.