Well, I was using the same password for gmail and dreamhost, because I figured both were secure. Yeah, I know that's bad practice, and I don't do it anymore (I use a password manager for new sites), but I'd set up my dreamhost account a while back, and forgotten I was using my "secure" password.
I'm confused by the directions. If I have 20 usernames did you reset all 20 passwords for these names to random strings and now I just need to pick new passwords of my liking on my own time?
Or do I need to go through all 20 right this moment and change them from their old value to a new value?
Basically do the hackers possibly have access to my ftp accounts or have you already switched my passwords to random strings?
A mass email going out this morning so I could have got on the ball with this and coordinated response with our client management folks would have been a Really Good Thing[tm].
As it was I found out about 4 hours after your first blog post via HN.
We're still hashing out what we're going to do with folks who, last time we instituted a password/process change, wanted a 3-weeks heads-up.
wisty|14 years ago
I won't be the only person doing this.
csmeder|14 years ago
Or do I need to go through all 20 right this moment and change them from their old value to a new value?
Basically do the hackers possibly have access to my ftp accounts or have you already switched my passwords to random strings?
dredmorbius|14 years ago
As it was I found out about 4 hours after your first blog post via HN.
We're still hashing out what we're going to do with folks who, last time we instituted a password/process change, wanted a 3-weeks heads-up.
FML.
shill|14 years ago
dredmorbius|14 years ago
The DreamHost engineer who's been commenting here says the web panel passwords haven't been compromised (I changed ours anyhow).