Domain registrar Name.com suffered a data breach and is making sure its customers are resetting their passwords.
The Denver-based firm discovered a breach and possible intruder access to customer account information such as encrypted credentials, credit card numbers and customer email addresses.
“It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com,” the company email said.
Name.com told its customers it uses strong encryption to store payment card data and the encryption keys required to access that data did not suffer compromise. EPP codes required for domain transfers were not lost in the breach, as in the case with the keys, they ended up stored separately from the compromised data.
“We take the matter very seriously,” the email said. “We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.”
Name.com said on its Twitter feed it was staggering the release of notifications to customers and information about password resets.
The company is taking some heat because it is asking its users to click on an email link in order to proceed with a password reset. This is the same tactic a phishing email would use. Name.com does remind its users if they use their passwords on other sites, to change those too.
Webhosting.info said Name.com is the 27th largest registrar by total domains with 498,035; Go Daddy is the leader with more than 25 million domains and 32 percent market share.
This is the second large password breach in the last two weeks. On April 28, daily deal site LivingSocial suffered an attack and hackers accessed user names, email addresses and encrypted passwords. The company suggested more than 50 million users should change their passwords. LivingSocial said hackers did not gain access to credit card data.