Leading domain name registrars suffered data breach
Web technology company Web.com and its subsidiaries – domain name registrars Register.com and Network Solutions – have suffered a data breach.
According to the practically identical notices (1, 2, 3), attackers gained unauthorized access to a “limited” number of the organizations’ computer systems in late August 2019 and likely accessed account information for current and former customers.
The compromised info includes contact details such as name, address, phone numbers, email address and information about the services that they offer to a given account holder.
“We store credit card numbers in a PCI (Payment Card Industry) compliant encryption standard and do not believe your credit card information is vulnerable as a specific result of this incident. That said, it is good practice to monitor your credit card account and we encourage you to notify your credit card provider if you see any suspicious charges,” the organizations noted.
They did not say whether passwords (encrypted or not) were accessed.
Scope of the breach
An independent cybersecurity firm was called in to investigate the breach and federal authorities have been notified of it.
The scope of the breach is still unknown. DomainState says the number of domain names registered through Network Solutions is roughly 6.9 million and through Register.com 1.8 million.
“We are notifying affected customers through email and via our website, and as an additional precaution are requiring all users to reset their account passwords,” the companies added – though links to the notices are not prominently featured on their main pages.
The breach was apparently confirmed on October 16, 2019, meaning that the attackers have had quite some time to root through the compromised systems. Perhaps the scope of this breach will end up being much larger.
Until more details are known and shared, customers will have to make do with changing their account password and keeping an eye on their credit card account.