Web.com, Network Solutions, and Register.com report “a third-party gained unauthorized access to a limited number of our computer systems in late August 2019”
I have a Register.com account because of my NameJet bidding account. When an expired domain name that is registered at Register.com is auctioned at NameJet and I win the auction, the domain name is provisioned to my Register.com account. Typically, I will quickly unlock the domain name and transfer it to my preferred registrar to consolidate my holdings.
This morning, I received a standard email from Register.com to let me know a domain name I won on NameJet was provisioned to my Register.com account. I logged into my account and was met with a password reset prompt. I changed my password and logged in to my account again, where I noticed a red security message on my account dashboard: “Important Security Information. Click Here to Learn More.”
Upon clicking that link, I was taken to a public-facing notice announcing a security incident:
“On October 16, 2019, Register.com determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.”
Further down on the notice page, the registrar shared what it believes was accessed:
“Our investigation indicates that account information for current and former Register.com customers may have been accessed. This information includes contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.
We encrypt credit card numbers and no credit card data was compromised as a result of this incident.”
You should read the entire notice via Notice.Register.com to see what was shared by Register.com.
Because Register.com is operated by Web.com, I was curious to see if this reported incident is solely related to Register.com or if it impacted other Web.com assets. When I logged in to my Network Solutions account, I was also prompted to change my password. I did not see any security alert notification within my control panel there, but I directly navigated to Notice.NetworkSolutions.com to see if there was a warning message there. In fact, there is a similar message there as well:
“On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.”
Out of curiosity, I visited Notice.Web.com as well, and a similar message is shown there, too.
I visited Notice.NameJet.com and Notice.SnapNames.com as well, but those pages do not resolve so I can only assume this security alert has no impact on those two Web.com businesses.
I reached out to Web.com to see if they have any more information to share, and I was sent a similar statement to what was published online:
“On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.
Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. Web.com also reported the intrusion to federal authorities and are notifying affected customers.
Safeguarding customers’ information is core to Web.com’s mission. The company is committed to protecting its customers against misuse of their information. Web.com has invested heavily in cybersecurity and will continue to do so as it incorporates key learnings of this incident to further strengthen its cyber defenses.
Please visit notice.web.com for updates and for more information.”
Obviously, a security breach like this is very concerning to me. What is also concerning is that I did not receive an email to proactively notify me of the incident. I searched my email history for emails from Register.com, Network Solutions, and Web.com, and I do not see anything regarding the alert. I looked at the public Twitter accounts for these registrars, and I do not see any mention of the alert. A representative from Web.com told me “Web.com is in the process of notifying affected customers through email and via its website, and as an additional precaution are requiring all users to reset their account passwords.”
While the alert does not mention anything about passwords being accessed, the password reset requirement is alarming. People who have the same account password and login credentials at different registrars should be aware and should consider updating all of those passwords. It is also a very good idea to have two-factor authentication enabled at registrar accounts.
I am sure there are people who have sensitive domain names they registered privately at a Web.com registrar. If I were in this position, I would be concerned that third parties may have accessed my private registration details. I do not see anything mentioned about unauthorized access to web hosting or email hosting at affected registrars.
Customers should be on alert for phishing and spearphishing emails. I would imagine the information that may have been accessed could be used to target customers.
If I learn any more about this security incident, I will share an update or a subsequent article with information.