Hackers hit domain registrar, access credit card data and passwords
A Denver-based domain name provider has suffered a breach where customers' personal data, including encrypted passwords and credit card information, was compromised.
On Wednesday, Name.com notified customers by email about the incident. The company said the breach appeared to be an attempt by an intruder to “gain information on a single, large commercial account at Name.com,” though an undisclosed number of customers were impacted in the process.
A Name.com customer posted the email on a community forum called MyBB on Wednesday.
“Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals,” the email said. The company added that it stores customer credit card data using a “strong encryption" method and that the private keys required to access the information are stored “physically in a separate remote location that was not compromised.”
Due to the security measure, the company said that it didn't believe customer credit card data could be accessed “in a usable format” by an attacker. Following the breach, Name.com has required all customers to reset their passwords.
On Thursday, SCMagazine.com reached out to Name.com, but did not immediately hear back from the company.
Name.com is the latest among a number of companies to be hit by breaches in recent weeks, including Reputation.com, a Redwood City, Calif.-based business that manages users' online reputation.
Reputation.com told customers that its systems were breach last Tuesday via email, and revealed that customer names, emails and physical addresses, and in some instances, phone numbers, dates of birth and job information were accessed. Encrypted user passwords, which where salted then hashed as an added layer of security, were also compromised.