More like this


Domain registrar attacked, customer passwords reset scrambles after data leak

Reports are emerging that Internet registrar has suffered a data breach and is resetting all user passwords.

The breach has been revealed in an e-mail to customers published by TheNextWeb, stating that compromised information could include usernames, e-mail addresses, passwords and credit card information – the last two of which were, however, encrypted.

The company has confirmed the attack with the Tweet below, later backing that up with news that it has used RSA 4096-bit encryption, and the private keys required for the encrypted data were stored in a separate, remote location that wasn't compromised. Similarly, the EPP domain transfer keys were also remotely stored and not accessed.

The company believes the security breach was “motivated by an attempt to gain information on a single, large commercial account at”.

“As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous password in other online systems, we also strongly recommend that you change your password in each of those systems as well”, the company has said in its notification e-mail. ®

Sponsored: OpenStack for enterprise: The tipping point cometh