A team of researchers found an unprotected database of over 86 GB on the Web containing over 814 million records with information about usernames, display names, email addresses and other information related to DreamPress accounts.
DreamPress is a managed WordPress hosting offered by DreamHost, one of the largest American web hosting providers.
The leaked database included information about WordPress accounts hosted or installed on DreamHost servers from March 2018 to April 2021. Specifically, the entries contained admin and user information (admin login url, first and last names, internal and external users’ email addresses, logins, roles), host IP and timestamps, build and version information, plugin details and themes, including configuration and what they were used for.
In addition, 10,000 entries contained email addresses associated with WordPress accounts in the .gov and .edu domain zones.
Experts found the database in April this year and immediately notified the owner. For several hours, access to the database was closed. It is currently unclear how long the database has been on the Web, and who, other than researchers, got access to it. It is also unknown if DreamHost notified DreamPress users of the leak.
Catch up on more articles here
Follow us on Twitter here
