Name.com Resets All Passwords Following Security Breach - Slashdot

Become a fan of Slashdot on Facebook

×

Name.com Resets All Passwords Following Security Breach 35

Posted by timothy on Wednesday May 08, 2013 @07:04PM from the hope-the-email-went-to-the-right-place dept.

An anonymous reader writes "Internet registrar Name.com on Wednesday revealed it was hit by a security breach. The company sent an email to its customers informing them that their usernames, email addresses, passwords, and credit card account information "may have been accessed by unauthorized individuals.""

This discussion has been archived. No new comments can be posted.

Name.com Resets All Passwords Following Security Breach

Search 35 Comments Log In/Create an Account

Comments Filter:

My Password Wasn't Reset (Score:5, Interesting)

by Secret Agent Man ( 915574 ) writes: on Wednesday May 08, 2013 @07:20PM (#43670341) Homepage

I went in and changed it manually after I saw this, but it was never reset by name.com in the first place...

Share
twitter facebook
Nothing new ... (Score:5, Interesting)

by Cammi ( 1956130 ) writes: on Wednesday May 08, 2013 @07:20PM (#43670345)

This is NOT news. Name.com has had an annual security breach for a minimum of 5 years. This is not news at all.

Share
twitter facebook
Take some additional steps to protect your account (Score:5, Interesting)

by Anonymous Coward writes: on Wednesday May 08, 2013 @08:07PM (#43670741)

This all stemmed from a hacking group trying to get access to Linode through Name.com. You can read more about it here, but keep in mind that Name.com is a very small part of the overall story: https://news.ycombinator.com/item?id=5667027
For those that don't understand, even changing your password won't protect you at this point. The breach hasn't been filled, if that makes sense, as they used a zero day exploit on Name.com (and a few other registrars). Basically, they can still access your account if they want to, whether you change the password or not. I could be entirely wrong about that, but they make no mention of the technical fix, nor has the hacker group said anything about NOT having access any longer.
It is correct that these hackers do not have access to your credit card number, but they can still make charges with your Payment Profile setup in the account. I'd suggest removing any payment profiles to be on the safe side. Also, they can still access your EPP codes because they are able to get into your account. Sure, the codes aren't stored at Name.com (same with the CC info) but they have access to your account. All the hackers need to do is log in to the account, click on a domain, and look at the EPP code being displayed, very simple.
This email they sent out isn't very descriptive of what happened and what could happen. Even users with the NameSafe feature aren't protected, as having admin access bypasses that system. There is a good reason why there wasn't a response for over 24 hours by Name.com and why there still (as of the time I'm writing this) no blog post. Even if a blog post DOES get made, it won't be much more descriptive than the email that went out.
Wonder if Demand Media is regretting that purchase now?

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde