Name.com Tells Customers To Change Password Due To Breach

Name.com sent an email to customers today regarding a potential security breach. The compromised data was said to potentially include usernames, email addresses, encrypted passwords, and encrypted credit card data.

The official notice read:

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.

As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.

We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.

We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email customercare@name.com. We’ll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.

Thanks,
The Name.com Team

Comments

  1. says

    “At which point will be registrars held accountable for such loss of personal data?”

    The answer is NO-because they don’t have to and they can get away with anything they want. Like any politicians and businesses, they can do whatever they want knowing the fact that they won’t be any consequences against them.

  2. says

    they =there

    The only way to fight back is the $$$ in your pants.

    Don’t vote for them and don’t do business with with them- vote with your $$$ in your pants.

  3. says

    Good thing Name had the credit cards encrypted.

    Last year in september one of the retailers where i shop got hacked into. Credit Card info was heavilly encrypted but the email said keep an eye out.
    4 Months later my credit card was blocked since it was being used in high risk countries and lucky for me the bank refused all transactions.

    A week later i got an email from the retailer again that they had strong indications the encryption was broken and i should be aware of unusual transactions.

    Lesson learned, i never let any retailer, webshop have my credit card info onfile, even if it is encrypted. And if the payment process does not include an RSA keycard reader procedure i will not even shop there.

  4. BrianWick says

    Hi Ryan –
    I keep an account at Name.com as well – and could not log in either – so I had to reset the password.
    I never got an email from Name.com as to the breach – searched my delete and junk folders as well.
    They may have just reset all the passwords instead of sending the email ?

  5. BrianWick says

    Disgruntled employee over the demand media purchase ?
    I would have to think – as a precaution – if there are any transfers out in process – they would be cancelled and the owner would be forced to reinitiate them ?

  6. says

    At which point will be registrars held accountable for such loss of personal data?

    If someone demonstrates direct material loss due to this incident, probably.

    The answer is NO-because they don’t have to and they can get away with anything they want. Like any politicians and businesses, they can do whatever they want knowing the fact that they won’t be any consequences against them.

    To be arguably fair, Name.com acknowledged the breach, apologized for it, and stated what they’re doing. But, I guess that’s not enough, even though they risk ire from some people?

Comment Policy:

TheDomains.com welcomes reader comments. Please follow these simple rules:

  • Stay on topic
  • Refrain from personal attacks
  • Avoid profanity
  • Links should be related to the topic of the post
  • No spamming. Listing domains, products, or services will get the comment deleted

We reserve the right to remove comments if we deem it necessary.

Join the Discussion