Web.com Reports Security Incident at Its Registrars


Web.com, Network Solutions, and Register.com report “a third-party gained unauthorized access to a limited number of our computer systems in late August 2019.”

I have a Register.com account because of my NameJet bidding account. When an expired domain name that is registered at Register.com is auctioned at NameJet and I win the auction, the domain name is provisioned to my Register.com account. Typically, I will quickly unlock the domain name and transfer it to my preferred registrar to consolidate my holdings.

This morning, I received a standard email from Register.com to let me know a domain name I won on NameJet was provisioned to my Register.com account. I logged into my account and was met with a password reset prompt. I changed my password and logged in to my account again, where I noticed a red security message on my account dashboard: “Important Security Information. Click Here to Learn More.”

Upon clicking that link, I was taken to a public-facing notice announcing a security incident:

“On October 16, 2019, Register.com determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.”

Further down on the notice page, the registrar shared what it believes was accessed:

“Our investigation indicates that account information for current and former Register.com customers may have been accessed. This information includes contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.

We encrypt credit card numbers and no credit card data was compromised as a result of this incident.”

You should read the entire notice via Notice.Register.com to see what was shared by Register.com.

Because Register.com is operated by Web.com, I was curious to see if this reported incident is solely related to Register.com or if it impacted other Web.com assets. When I logged in to my Network Solutions account, I was also prompted to change my password. I did not see any security alert notification within my control panel there, but I directly navigated to Notice.NetworkSolutions.com to see if there was a warning message there. In fact, there is a similar message there as well:

“On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.”

Out of curiosity, I visited Notice.Web.com as well, and a similar message is shown there, too.

I visited Notice.NameJet.com and Notice.SnapNames.com as well, but those pages do not resolve so I can only assume this security alert has no impact on those two Web.com businesses.

I reached out to Web.com to see if they have any more information to share, and I was sent a similar statement to what was published online:

“On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.

Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. Web.com also reported the intrusion to federal authorities and are notifying affected customers.

Safeguarding customers’ information is core to Web.com’s mission. The company is committed to protecting its customers against misuse of their information. Web.com has invested heavily in cybersecurity and will continue to do so as it incorporates key learnings of this incident to further strengthen its cyber defenses.

Please visit notice.web.com for updates and for more information.”

Obviously, a security breach like this is very concerning to me. What is also concerning is that I did not receive an email to proactively notify me of the incident. I searched my email history for emails from Register.com, Network Solutions, and Web.com, and I do not see anything regarding the alert. I looked at the public Twitter accounts for these registrars, and I do not see any mention of the alert. A representative from Web.com told me “Web.com is in the process of notifying affected customers through email and via its website, and as an additional precaution are requiring all users to reset their account passwords.”

While the alert does not mention anything about passwords being accessed, the password reset requirement is alarming. People who have the same account password and login credentials at different registrars should be aware and should consider updating all of those passwords. It is also a very good idea to have two-factor authentication enabled at registrar accounts.

I am sure there are people who have sensitive domain names they registered privately at a Web.com registrar. If I were in this position, I would be concerned that third parties may have accessed my private registration details. I do not see anything mentioned about unauthorized access to web hosting or email hosting at affected registrars.

Customers should be on alert for phishing and spear-phishing emails. I would imagine the information that may have been accessed could be used to target them.

If I learn any more about this security incident, I will share an update or a subsequent article with information.

10 COMMENTS

  1. “a third-party gained unauthorized access to a limited number of its computer systems in late August 2019”

    2 (TWO) MONTHS LATER…

    “Web.com is in the process of notifying affected customers through email and via its website”

    • The notice says “On October 16, 2019, Web.com determined…”

      Although the breach seems to have occurred in August, the company came to the determination a couple of weeks ago.

      I do not know if 2 weeks is a long time to notify people or not. I also don’t know when the notice was published. It could have been today or could have been 2 weeks ago – I do not know. All that I know is that I came across it because I logged in to my Register.com account for the first time in a long time.

  2. Thank you Elliot, just tried signing in to my Network Solutions account and was met with a reset password after I answered the sec questions.

    Thank you for the alert. I advise others to do same as soon as possible.

    Moving all my remaining names from network solutions.

    Unreliable service and risky to leave your names there.

  3. I think taking 2 weeks to act is terrible and indicates incompetency at the upper level of management.

    If someone breaks into your store, do you leave the broken door open for 2 weeks?
    No, you check to see what is missing. And, call someone to fix the door immediately.

    They should have put the “change password” in place within 24 hours of discovering the break in.
    Then, let the cyber people figure out what was taken.

    I wonder if any domains were stolen?

    I logged into Netsol this morning and encountered the password change.
    However, I did not read all of the stuff. Thank you for letting us know.

  4. I never bid on NJ anymore. They can’t even afford an SSL certificate for the site. Imagine how else they handle things. I mentioned this a month ago. Confidential Data Leakage IMO, but hey I’m sure the $100 in savings is worth it.

  5. 6+ weeks of hack access WOW.
    They trusted the wrong “heavy” cyber security
    And sounds like they still haven’t determined the “scope”
    This could be huge.
    Interesting it’s not mainstream reported.
    IMO - Short the stock…
