Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.
“On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said in a written statement. “No credit card data was compromised as a result of this incident.”
Jacksonville, Fla.-based Web.com said the information exposed includes “contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.”
The “such as” wording made me ask whether the company has any reason to believe passwords — scrambled or otherwise — were accessed.
A spokesperson for Web.com later clarified that the company does not believe customer passwords were accessed.
“We encrypt account passwords and do not believe this information is vulnerable as a specific result of this incident. As an added precautionary measure, customers will be required to reset passwords the next time they log in to their accounts. As with any online service or platform, it is also good security practice to change passwords often and use a unique password for each service.”
Both Network Solutions and Register.com are owned by Web.com. Network Solutions is now the world’s fifth-largest domain name registrar, with almost seven million domains in its stable, according to domainstate.com; Register.com listed at #17 with 1.7 million domains.
NetworkSolutions.com does not appear to currently link to any information about the incident on its homepage, nor does Web.com. To get to the advisory, one needs to visit notice.web.com.
Web.com said it has reported the incident to law enforcement and hired an outside security firm to investigate further, and is in the process of notifying affected customers through email and via its website.
The company says it plans to circle back with customers when it learns the results of its investigation, but I wonder whether we’ll ever hear more about this breach.
Web.com wasn’t clear how long the intrusion lasted, but if the breach wasn’t detected until mid-October that means the intruders potentially had about six weeks inside unnoticed. That’s a long time for an adversary to wander about one’s network, and plenty of time to steal a great deal more information than just names, addresses and phone numbers.
H/T to domaininvesting.com‘s Elliot Silver for the heads up on this notification.
Last Friday people in my contacts started getting phishing emails, and it got worse on Monday. They all look like they come from my work email, and my business is hosted by web.com. My son got one of them and after a little research found this info on krebson security. This was the first we heard of web.com getting breached-we received no notice from them. Our servers were all down for 2 days the end of Oct. and they never told us why. I tried calling them about it but the hold time was too long, and they never answered my email to their customer service. We are looking into a different host, but it sounds like they all have issues. I wouldn’t recommend web.com to my worst competitor. (or would I?)