Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Name.com Resets Passwords after Breach

On Wednesday, domain registrar Name.com sent an email to all of their customers, disclosing a security incident that may have compromised some sensitive information. Financial data however, was not impacted due to the company’s security measures.

On Wednesday, domain registrar Name.com sent an email to all of their customers, disclosing a security incident that may have compromised some sensitive information. Financial data however, was not impacted due to the company’s security measures.

In a letter to customers, Name.com said that the discovered breach impacted usernames, email addresses, and encrypted passwords and encrypted credit card account information, which “may have been accessed by unauthorized individuals.”

The company suspects the attackers behind the breach were actually targeting a large commercial customer, however, they didn’t expand on that speculation. Despite the fact that such information may have been accessed, Name.com says that financial data is believed to be safe.

“Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format,” the customer letter explains.

Additionally, the company says that there have been no reports of the compromised data being used for fraudulent activities.

In order to play things safe, Name.com has instituted a forced password reset across the entire customer base. A password reset link was provided in the email, which some customers were initially suspicious of until the Name.com Twitter account confirmed its legitimacy.

“We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information. We sincerely apologize for the inconvenience…,” the letter concludes in part.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.