Dreamhost "knows" Gmail password?


#1

Hi there,
I have just given some account privileges to a co-worker with a gmail address, and the mail he’s got with login information for the Dreamhost panel includes as a password his own Gmail password. I find this baffling. How can it be that Dreamhost knows this information?


#2

I don’t use the gmail feature with DH, but if you nowhere filled the password in, they shouldn’t know it.
Maybe the email was sent from gmail itself. Did you see the sender of the email?


#3

I have some domains with gmail and some not, but this has nothing to do with it. I went to “Account Privileges > Grant Privileges to a New Person” and just filled in my co-worker’s name and email address, which happens to be a gmail account. He immediately received mail from support@dreamhost.com with his DH panel login data, and the included password was his own gmail password. Very strange.


#4

Talked to DH support, “mystery” explained, not to worry.


#5

so, what was the explanation?


#6

The coworker had used the same password for his GMail account as for a previous DreamHost account he’d opened at that address.


#7

That’s funny because I had written that the coworker had obviously recycled passwords, and then changed my response to a question after I reread jordi’s 3rd response.


#8

It was my guess when I read the original post initially, but since it was only a guess i didn’t post.


#9

should have been obvious, but it had me scratching my head… Thanks for the interest.


#10

Just to follow along completely here. I went ahead and clicked the forgot password link for the panel.

I supplied my email address as requested. I already knew the password would be emailed to me insecurely, what I was shocked to find out is that the “Dreamhost Passworder” also CC: the other 2 email addresses included in my panel profile. Please dreamhost if you absolutely have to insecurely email a password could you please only insecurely mail it to one address.


#11

Shocking! It seems like the stats user has better password security than the web account, or whatever it’s called…