Domain name registrar and web hosting company Name.com has been hit by a large-scale security breach – which the company said was motivated by an attempt to gain information on one, large commercial account.
The company has reset all passwords as a precaution after the attack, and warned customers that information including usernames, email addresses and passwords, “may have been accessed by unauthorized individuals.”
The company announced via its Twitter feed, “We had some hackers go after a customer. CCs [credit cards] and domains are safe, but you will get an email to change passwords.”
The email said, “It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.”
Name.com reassured customers via its Twitter feed that credit card details were protected by 4096 bit RSA encryption.
In an email sent to customers, reported by TheNextWeb, the company said, “Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format.”
“Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.”
Author Rob Waugh, We Live Security