Name.com sent an email to customers today regarding a potential security breach. The compromised data was said to potentially include usernames, email addresses, encrypted passwords, and encrypted credit card data.
The official notice read:
Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.
Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.
As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.
We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.
We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email email@example.com. We’ll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.
The Name.com Team
At which point will be registrars held accountable for such loss of personal data?
“At which point will be registrars held accountable for such loss of personal data?”
The answer is NO-because they don’t have to and they can get away with anything they want. Like any politicians and businesses, they can do whatever they want knowing the fact that they won’t be any consequences against them.
The only way to fight back is the $$$ in your pants.
Don’t vote for them and don’t do business with with them- vote with your $$$ in your pants.
I found out that my account there was hacked into by someone in Bronx, NY on March 10th,
but everything seems to be okay.
Now imagine someone hacked DLS or MLS… how many names would shift hands in a matter of a second?
Registrar should be more stringent when it comes to security.
Good thing Name had the credit cards encrypted.
Last year in september one of the retailers where i shop got hacked into. Credit Card info was heavilly encrypted but the email said keep an eye out.
4 Months later my credit card was blocked since it was being used in high risk countries and lucky for me the bank refused all transactions.
A week later i got an email from the retailer again that they had strong indications the encryption was broken and i should be aware of unusual transactions.
Lesson learned, i never let any retailer, webshop have my credit card info onfile, even if it is encrypted. And if the payment process does not include an RSA keycard reader procedure i will not even shop there.
Ryan Jenkins says
This is funny, because I couldn’t log into my account at name today, before this article, I had to do a password reset, wtf serious stuff here name
Blame it on N.Korea, China, Iraq, Russia and etc
Hi Ryan –
I keep an account at Name.com as well – and could not log in either – so I had to reset the password.
I never got an email from Name.com as to the breach – searched my delete and junk folders as well.
They may have just reset all the passwords instead of sending the email ?
Jeff Schneider says
Was Moniker hacked as well?
Gratefully, JeffSchneider (Contact Group0 (Metal Tiger)
Michael Berkens says
According to this story they were but haven’t gotten any confirmation:
Michael Berkens says
We just got a notice for our own name.com account just minutes ago and hours after we posted the notice that another customer received.
Therefore the notices seem to still be going out
Ryan Jenkins says
Name is all messed up, I was trying to move some names from another registar into name, and the system is down. Looks like they have taken some functions offline, bigger than we think.
Disgruntled employee over the demand media purchase ?
I would have to think – as a precaution – if there are any transfers out in process – they would be cancelled and the owner would be forced to reinitiate them ?
Domo Sapiens says
If I am reading correctly (Domain Name Wire) this happened late last year…
if so and all things considered ….
Shame on them.
Dave Zan says
If someone demonstrates direct material loss due to this incident, probably.
To be arguably fair, Name.com acknowledged the breach, apologized for it, and stated what they’re doing. But, I guess that’s not enough, even though they risk ire from some people?