Name.com Tells Customers To Change Password Due To Breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.thedomains.com/2013/05/08/name-com-tells-customers-to-change-password-due-to-breach/

Name.com sent an email to customers today regarding a potential
security breach. The compromised data was said to potentially include
usernames, email addresses, encrypted passwords, and encrypted credit
card data.

The official notice read:

Name.com recently discovered a security breach where customer account
information including usernames, email addresses, and encrypted
passwords and encrypted credit card account information may have been
accessed by unauthorized individuals. It appears that the security
breach was motivated by an attempt to gain information on a single,
large commercial account at Name.com.

Name.com stores your credit card information using strong encryption
and the private keys required to access that information are stored
physically in a separate remote location that was not compromised.
Therefore, we don’t believe that your credit card information was
accessed in a usable format. Additionally, your EPP codes (required
for domain transfers) were unaffected as they are also stored
separately. We have no evidence to suggest that your data has been
used for fraudulent activities.

As a response to these developments, and as a precautionary measure,
we are requiring that all customers reset their passwords before
logging in. If you use your previous Name.com password in other online
systems, we also strongly recommend that you change your password in
each of those systems as well.

We take this matter very seriously. We’ve already implemented
additional security measures and will continue to work diligently to
protect the safety and security of your personal information.

We sincerely apologize for the inconvenience. If you need any
additional assistance or have any questions please email
customercare () name com. We’ll continue to be as open and honest with
you as possible as additional important information becomes available,
so keep your eye out for a blog post or additional emails.

Thanks,
The Name.com Team
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.