RPS and Dreamhost user data compromised

Posted on by

If you’ve ever had an account on the popular gaming site, Rock Paper Shotgun, or have a site hosted on Dreamhost (this one is), word is that both of them had their user data compromised today. I’ve no idea if there’s any connection between the two, but both sites recommend you to change your passwords. In a time where we trust the web with an increasing amount of our data, the frequency in which sites get compromised is unsettling.

Here’s the email I received from Dreamhost.

IMPORTANT INFORMATION: We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. There are three different types of passwords at DreamHost: a web panel password (for logging into the panel), email passwords, and FTP/shell access passwords. Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed. Refer to the following DreamHost status post for details: http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/.

IMPORTANT ACTION REQUIRED:

To create a new FTP/shell access password for your DreamHost account, please login to your DreamHost web panel (https://panel.dreamhost.com/), select "Manage Users" in the top left, then select "Edit" next to each user and type in a new password. Make sure you click "Save Changes" at the bottom of the page.
We are also requesting that you change your email password. We are not enforcing this change at this time as we do not believe that email p asswords were compromised. However we strongly recommend that you change your email password as a precaution. To change the passwords for your email users or yourself, log into the DreamHost panel at (https://panel.dreamhost.com/), select "Manage Email" in the top left, select "Edit" next to each email user address, and choose a new password for each. Make sure you click "Save Changes" at the bottom of the page.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please contact us through the support page in the panel.

Note that DreamHost will never ask you for personal or account information in an email. Please exercise caution if you receive any other emails that ask for personal information or direct you to a web site where you are asked to provide personal information.

Sincerely,

The DreamHost Team

And this one from RPS.

Hi everyone.

You're receiving this email if you've ever registered an account to leave comments on RPS. We'd never normally use your email to contact you, but as you'll see this is important.

It really sucks to be sending this email, but this week the RPS forums were hacked. The hackers found a way into the server on the 14th Jan, and had access for five days. That hole is now closed, and they're gone.

However, it's not entirely clear what they did when they were there. There is no evidence that they managed to get at user details, which are well hidden, but simultaneously there's no absolute evidence that they didn't. So at this point we have to assume the worst.

If they got to those files, they will have got people's emails, usernames, and encrypted passwords. Those passwords were encrypted in such a way that our tech bods believe it will take them at least a month to crack. But it means that we *strongly* recommend that you not only change your password on the RPS forums/commenting registration, but if you use that password elsewhere, make sure you change it there too. In fact, we utterly strongly recommend that you never use the same password in two different places, for this very reason.

We're tremendously sorry. We learned about the attack on Thursday afternoon, and the tech people at Positive closed it off immediately, and have been sorting it out since, working out what they could have found. We learned the information reported above this evening, and have told you as quickly as we can.

Please head to the following to reset your passwords as soon as possible:

For the forum:

http://www.rockpapershotgun.com/forums/profile.php?do=editpassword

And for the main site:

http://www.rockpapershotgun.com/wp-login.php

and select "Lost your password" and follow the instructions to set a new one.

or if that one doesn't work,

http://www.rockpapershotgun.com/wp-admin/

and change it in your account settings there.

And please accept our emphatic apologies that this has happened. We are doing our best to ensure this doesn't happen again. If you want to respond to this email, please use contact@rockpapershotgun.com - replying to the address this has come from (our mailing system usually used for subscribers) won't work.

Yours, with sad faces,
RPS Hivemind

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s