This article was published on May 8, 2013

Name.com resets all passwords following security breach, says emails and credit cards ‘may have’ been accessed


Internet registrar Name.com on Wednesday revealed it was hit by a security breach. The company sent an email to its customers informing them that their usernames, email addresses, passwords, and credit card account information “may have been accessed by unauthorized individuals.”

The good news is that the last two were encrypted, according to Name.com’s email. Details on what encryption was used, however, were not revealed (Update: 4096-bit RSA encryption), but the company did say:

Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.

As a precaution, Name.com has reset all its customers’ passwords. To regain access to your account, you’ll have to choose a new one via the unique link that has been emailed to you.

If you haven’t received an email yet, you should get one soon:

If you use your Name.com password elsewhere, make sure to change it there as well.

The email also noted the security breach was likely an attempt to gain information regarding “a single, large commercial account at Name.com.” The company apologized for the inconvenience and says it has “already implemented additional security measures.”

Unfortunately, Name.com has not shared any details on its blog yet. The good news is that the company is actively tweeting and is working to get a post published soon:

Still, users aren’t so sure about the email, so the company sent out this tweet:

We have contacted Name.com for more information. We will update this post if we hear back.

For reference, the full email body is below, as it appeared below the company’s logo and slogan:

Dear [redacted],

We are writing to inform you of a security measure we have taken to protect the integrity of the domain names and information associated with your account.

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.

As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.

Please click the link below to reset your password:
[link]

We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.

We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email [email protected]. We’ll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.

Thanks,
The Name.com Team

Update on May 10: The blog post is now available.

Top Image credit: Anna Maria Lopez
