I don't know if this info will help anyone else but I spent a while last night trying to get back into the Dreamhost panel.
My user was the second user on this account (fortunately the primary user was not affected so that's how I was able to get in)
This user was set up more than 3 years ago, using the old panel and WebID setup. The only way it worked was WebID name, password. The password happened to be the same as the FTP one that was compromised, the username was completely different.
It still worked Monday, the last time I logged in with that WebID.
The only way I was able to recreate a second account that worked was to recind the privileges for that user and assign panel access to an email address. I am now able to get back in as a new member.
My best guess (because of some other info I noticed that I won't post here) is that there was a leak when they changed the Control panel interface (fixed the log-in page).