A misconfigured cloud database belonging to one of the biggest website hosting providers has exposed 814 million records online. 

Discovered on April 26 by Jeremiah Fowler, the treasure trove of data was left online with no password protection by US hosting provider DreamHost. 

The 814 million records found were traced back to DreamPress, DreamHost’s managed WordPress hosting service, and dated back to 2018.

Of the 86GB database discovered, admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, timestamps, host IP addreszses, and configuration and security information were exposed. 

Some of the leaked information was linked to users with .gov and .edu email addresses.

Within hours of being notified, DreamHost secured the database.

It is not clear as to how long the database had been exposed for - thus potentially putting users at risk of phishing.

”This appears to be the first security incident affecting Dreamhost in nearly a decade. In November 2012 a PasteBin user posted a dump of server information that appeared to belong to DreamHost,” said Fowler.