Hi all,

This is probably a very basic question, but it has recently come to my attention that the support team of the webhost that is hosting my website+database (shared hosting) can create a new user with full privileges and access my database.

Is this normal? Seems like a bit of a security gap...
Can I prevent this?

Thanks!

if you think its a problem then you need to contact your ISP
essentially by having your site hosted by a third party there has to be an element of trust between the two of you.

depending on the size of the ISP it may well be that the support team is also the technical team who would almost de facto have access to your db, just that you didn't know it.

so I'd suggest you need to discuss your secrecy / privacy arrangements with the ISP
also you need to design your system to make it as hared as possible for the malicious abuser to profit from your data

Administrators can always access anyones information, whether this is Windows, Linux, MySQL or whatever. This is needed to be able to help with support type issues and general maintenance (taking backups etc).