OH HAI, I STOLED UR PASSWURDZ

[ music | 4 Non Blondes – What’s Going On ]

So, I got an email from Dreamhost on thursday.

“Dear DreamHost customer, We have found evidence indicating that your ‘XXX’ web server account may have been subject to intrusion by a malicious 3rd party. As a precautionary measure, we have reset your password and ask that you change it…”

Ok, WHAT? My first thought was “who could possibly have gotten my password?” I don’t use IE, I don’t use the same PW everywhere, I use secure PWs, I don’t enter my information into forms from random email links, etc. I’m a security conscious user. My last computer virus was in 1993. Well, I asked what this was about, why they felt my account was at risk, and it seems it’s probably just a consequence of this incident from last year.

“We received a tip linking to a file of usernames and passwords including a small handful of DreamHost FTP accounts; your username was on this list. This does not necessarily mean that any illegal activity has occurred under your account (as we’ve not observed such) but it does mean that someone cracked, phished, snooped, or otherwise obtained the password for this user.”

It’s probably the old password from last year’s breach, but I took no chances. I’ve asked them what password was leaked, we’ll see.

UPDATE: No, it wasn’t my password from last year, it was my latest DH password. I am distressed…