On Wednesday, domain registrar Name.com sent an email to all of their customers, disclosing a security incident that may have compromised some sensitive information. Financial data however, was not impacted due to the company’s security measures.
In a letter to customers, Name.com said that the discovered breach impacted usernames, email addresses, and encrypted passwords and encrypted credit card account information, which “may have been accessed by unauthorized individuals.”
The company suspects the attackers behind the breach were actually targeting a large commercial customer, however, they didn’t expand on that speculation. Despite the fact that such information may have been accessed, Name.com says that financial data is believed to be safe.
“Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format,” the customer letter explains.
Additionally, the company says that there have been no reports of the compromised data being used for fraudulent activities.
In order to play things safe, Name.com has instituted a forced password reset across the entire customer base. A password reset link was provided in the email, which some customers were initially suspicious of until the Name.com Twitter account confirmed its legitimacy.
“We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information. We sincerely apologize for the inconvenience…,” the letter concludes in part.
