Original URL: http://www.theregister.co.uk/2013/05/09/name_dot_com_data_leak/

Domain registrar attacked, customer passwords reset

Name.com scrambles after data leak

By Richard Chirgwin

Posted in Security, 9th May 2013 01:25 GMT

Reports are emerging that Internet registrar Name.com has suffered a data breach and is resetting all user passwords.

The breach has been revealed in an e-mail to customers published by TheNextWeb, stating that compromised information could include usernames, e-mail addresses, passwords and credit card information – the last two of which were, however, encrypted.

The company has confirmed the attack with the Tweet below, later backing that up with news that it has used RSA 4096-bit encryption, and the private keys required for the encrypted data were stored in a separate, remote location that wasn't compromised. Similarly, the EPP domain transfer keys were also remotely stored and not accessed.

The company believes the security breach was “motivated by an attempt to gain information on a single, large commercial account at Name.com”.

“As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well”, the company has said in its notification e-mail. ®