Name.com hacked! Change your passwords now

by Ruchira on May 11, 2013

HTP

Hack the Planet, the same group which hacked Linode just a few weeks ago, also hacked in to the name.com servers. This news comes with a chain of allegations claimed by HTP ( Hack The Planet ) . According to HTP and to put a long story short, they wanted to break in to a IRC network called swiftIRC and to do that they needed to hack in to the Linode because its the host of SwiftIRC. So to break in to the Linode they decided to break in to Name.com and acquire the linode.com domain. So they broke in to name.com and also at the same time one of HTP’s member found about a cold fusion exploit and they gained access to linode by using that.

Name.com promptly sent an email to their clients asking to reset their login passwords, Here is the email

We are writing to inform you of a security measure we have taken to protect the integrity of the domain names and information associated with your account.

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.

As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.

Please click the link below to reset your password:
xxxxxxx

We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.

We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email customercare@name.com. We’ll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.

Thanks,
The Name.com Team

This kind of incidents happen and I think name.com already had good security measures and all to prevent a data leak, but I think they have made a huge mistake by providing a link to reset the passwords because this can be used by hackers again to impersonate name.com and phish peoples login’s by sending fraudulent emails. Whatever, change your passwords now by going directly to name.com if you are a customer.

I'm Ruchira Sahan and all posts on this blog are completely my thoughts and writings. I love DIY and Technology. So feel free to contact me for anything about this blog and don't forget to add a comment if this blog helped you! Thanks
Ruchira
View all posts by Ruchira

Last 5 posts by Ruchira

Previous post:

Next post: