Web.com, owner of top domain registrars NetworkSolutions.com and Register.com, has issued a security notice informing customers of a breach that took place in late August 2019. In the notice they state that as a result of unauthorized access by a third party, customer account information may have been obtained. They proceed to outline what information was involved, which includes contact details such as name, address, phone numbers, email addresses, and services used. Fortunately, they state that credit card and password data is stored as encrypted data. Therefore, this information was not compromised as a result of the breach.
However, they are taking the appropriate measures to ensure security going forward and are requiring customers to reset their password the next time they log into their account. Even though the most critical data, credit cards and passwords, were encrypted and not believed to be leaked, this is a smart step to take. Any time you catch wind of a company you hold an account with having a chance of being breached, you should proceed with changing your account password.
Initially this incident may seem like a minor one, but given the place of domain name registrars in the grand scheme of the internet, it could have been a very serious problem. Registrars, like NetworkSolutions.com, sell website names like Sikich.com and translate them to their host server IP address. This service is key to the functioning of the internet. If an attacker were able to gain access to a company’s registrar, they could take control of their website.
Consider for instance if your bank’s registrar was compromised. Attackers could use their access to make the bank’s web address go to a copycat website that runs on servers they control, instead of the server at the bank’s webhost. On your end you would browse to the bank’s website using the same address you always do, be greeted by a familiar-looking web page, and proceed to enter your credentials to log in. What you wouldn’t be aware of was that the website you were on was created by attackers to mirror the bank’s actual website. When you entered your credentials, instead of securely signing you into your account, they were delivered to the attacker. At this point the attackers would have gathered hundreds or thousands of usernames and passwords, which they could then sell on the dark web or use themselves to attempt to make malicious transactions.
This situation is a good reminder to keep a lookout for news about companies that you directly, and indirectly, do business with. Not only is your favorite coffee shop the target of attackers, but the behind-the-scenes companies that provide services they depend upon to operate are targets as well.