DreamHost database leaked 814 million records online, including customer data
The Website Planet research team, in cooperation with security researcher Jeremiah Fowler, discovered a non-password protected database that contained just under one billion records. The exposed records revealed usernames, display names, and emails for WordPress accounts.
The monitoring and file logs exposed many internal records that should not have been publicly accessible. They were structured as roles, ID, display name, email, and other account related information. The exposed log files contained what appears to be three years of records that range from 3/24/2018 to 4/16/2021 and each contained information about WordPress accounts hosted or installed on DreamHost’s server and their users.