Domain retailer Name.com has been hacked, the company has informed customers today, with usernames, email addresses, and encrypted passwords and credit card details all stolen from the company’s servers. The hack, Name.com said in an email to registered users, is believed to have targeted “information on a single, large commercial account” with the company, with the other stolen data being taken along for the ride.
However, Name.com is also keen to point out that, even though the data has fallen into unauthorized hands, the most important parts are encrypted. Credit card details, stored at the site for easier domain registration renewals, had their private encryption keys “stored physically in a separate remote location that was not compromised,” Name.com insisted.
Meanwhile, the EPP codes needed for domain transfers are also safe, since they too are stored in a different location to the bulk the user registration data. “We have no evidence to suggest that your data has been used for fraudulent activities” Name.com concludes.
Nonetheless, all Name.com subscribers will have to change their password before they can log back into their account, even if their information wasn’t among that extracted. The company also suggests changing your login credentials if you use the same username and password combination with other sites and services.
Data hacks have become more commonplace in recent years, as databases of consumer information become increasingly tempting to spammers, those committing credit card fraud, and other criminals. Last month, Amazon-owned daily deals site LivingSocial admitted that its servers had been compromised, with data of 50m users extracted.