“Prevention is ideal but detection is a must.”
That is what my immediate reaction was to DreamHost announcing it has detected an intrusion. I love that.
How many companies would even notice before all their customers were calling asking why they were owned?compan
How many companies would refuse to talk about security incidents or blame the customer?
How many would take the PR hit to preëmptively perform password resets immediately instead of waiting until the investigation was complete. A week, or a month from now we could know that the passwords were’t gotten, but in an abundance of caution action is taken now to prevent damange.
Maybe I’ve drunk on the koolaid, but I think DreamHost did the right things from the reports I’ve seen.