The World’s First Internet Domain Name Provider Confirms Data Breach

Network Solutions was the world's first internet domain provider, having won a grant from the National Science Foundation (NSF) back in 1991 and been given an exclusive contract to be the sole name registrar for the .com, .net and .org domains a year later. According to DomainState, Network Solutions, now owned by Web.com, is currently the fifth-largest domain name registrar, accounting for close on seven million domains.

Along with another domain name registrar, Register.com, and parent Web.com, Network Solutions has confirmed it has been hacked. Here's everything that is known so far.

When did the data breach occur?

On October 30, Web.com confirmed that all three registrars had been the victim of a data breach in August 2019. The same disclosure notice, with just the organization name changed, was published across all three sites to users attempting to log into their accounts.

This explained that, on October 16, the company had "determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed."

Was credit card data compromised?

The statement went on to say that no credit card data was compromised during the incident, which has been reported to federal authorities. The notice confirmed that credit card numbers are stored using a PCI (Payment Card Industry) compliant encryption standard, which means the company does not "believe your credit card information is vulnerable as a specific result of this incident." It does, however, encourage customers to monitor their card accounts and notify the credit card provider if any suspicious charges are found.

Have passwords been stolen?

As users are being asked to reset their account passwords, it seems pertinent to wonder if passwords were amongst the information for current and former customers accessed by the attacker. According to the disclosure, the information included "contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder." But there was no mention of passwords. A Web.com spokesperson told investigative journalist Brian Krebs that "We encrypt account passwords and do not believe this information is vulnerable as a specific result of this incident." The password resets were just an "added precautionary measure," according to the spokesperson.

Present and past customers who are concerned their data could have been compromised by this breach can get more information by calling 1-866-906-0477 or, for international customers, 1-570-708-8785, the disclosure notice stated.

What can be done to mitigate such attacks?

Anna Russell, vice-president at comforte AG, says that "with an ever-increasing attack surface, it is almost impossible for organizations to make their perimeter and their systems impenetrable." A logical consequence of this is that they must apply security measures to the data itself so that a data breach gets nullified because the extracted information is useless to the attacker, Russell says.

"Forcing users to reset their passwords is fine, but how will it prevent the same breach from happening again?" says Stuart Sharp, vice-president of solution engineering at OneLogin, who continues, "organizations need to implement solutions like multi-factor authentication (MFA) as a method of protecting their users and their data."

Eoin Keary, CEO and co-founder of edgescan, agrees that these organizations should all have enabled MFA on all logins. "The lack of strong authentication is not uncommon, but not complex to fix," Keary says. "MFA can vary in complexity, starting from a simple SMS unique code being sent to the user, to the likes of Google Authenticator or even a client-side certificate."
