[BreachExchange] The World’s First Internet Domain Name Provider Confirms Data Breach

Destry Winant destry at riskbasedsecurity.com
Thu Oct 31 10:10:55 EDT 2019


https://www.forbes.com/sites/daveywinder/2019/10/31/the-worlds-first-internet-domain-name-provider-confirms-data-breach/#3d43df583016

Network Solutions was the world's first internet domain provider,
having won a grant from the National Science Foundation (NSF) back in
1991 and given an exclusive contract to be the sole name registrar for
the .com, .net and .org domains a year later. According to
DomainState, Network Solutions, now owned by Web.com, is currently
the fifth-largest domain name registrar, accounting for close on seven
million domains. Along with another domain name registrar,
Register.com, and parent Web.com, Network Solutions has confirmed it
has been hacked. Here's everything that is known so far.

When did the data breach occur?

On October 30, Web.com confirmed that all three registrars had been
the victim of a data breach in August 2019. The same disclosure
notice, with just the organization name changed, was published across
all three sites to users attempting to log into their accounts.

This explained that, on October 16, the company had "determined that a
third-party gained unauthorized access to a limited number of our
computer systems in late August 2019, and as a result, account
information may have been accessed."

Was credit card data compromised?

The statement went on to say that no credit card data was
compromised during the incident, which has been reported to federal
authorities. The notice confirmed that credit card numbers are stored
using a PCI (Payment Card Industry) compliant encryption standard, which
means the company does not "believe your credit card information is
vulnerable as a specific result of this incident." It does, however,
encourage customers to monitor their card accounts and notify the
credit card provider if any suspicious charges are found.

Have passwords been stolen?

As users are being asked to reset their account passwords, it seems
pertinent to wonder if passwords were amongst the information for
current and former customers accessed by the attacker. According to
the disclosure, the information included "contact details such as
name, address, phone numbers, email address and information about the
services that we offer to a given account holder." But there was no
mention of passwords. A Web.com spokesperson told investigative
journalist Brian Krebs that "We encrypt account passwords and do not
believe this information is vulnerable as a specific result of this
incident." The password resets were just an "added precautionary
measure," according to the spokesperson.

Present and past customers who are concerned their data could have
been compromised by this breach can get more information by calling
1-866-906-0477 or for international customers, calling 1-570-708-8785,
the disclosure notice stated.

What can be done to mitigate such attacks?

Anna Russell, vice-president at comforte AG, says that "with an
ever-increasing attack surface, it is almost impossible for
organizations to make their perimeter and their systems impenetrable."
A logical consequence of this is that they must apply security
measures to the data itself so that a data breach gets nullified
because the extracted information is useless to the attacker, Russell
says. "Forcing users to reset their passwords is fine, but how will
it prevent the same breach from happening again," says Stuart Sharp,
vice-president of solution engineering at OneLogin, who continues,
"organizations need to implement solutions like multi-factor
authentication (MFA) as a method of protecting their users and their
data." Eoin Keary, CEO and co-founder of edgescan, agrees that these
organizations should all have enabled MFA on all logins. "The lack of
strong authentication is not uncommon, but not complex to fix," Keary
says, "MFA can vary in complexity, starting from a simple SMS unique
code being sent to the user, to the likes of Google authenticator or
even a client-side certificate."

