Leading Domain Registrars Hacked

Leading domain name registrars Name.com, Melbourne IT, Moniker and Xinnet have admitted they were hacked in a brazen cyberattack last week, with the four companies believed to be responsible for around six million domain name registrations.

Name.com have given the most comprehensive coverage of what happened on their blog, saying that their security team alerted the company “that unauthorised individuals had accessed [their] database. After doing some digging [the company] found that the attack seemed to be geared toward a few specific accounts. The hackers had a target and name.com was a means to that end.”

The posting goes on to note “the information that was accessed includes usernames, passwords, physical addresses, email, hashed passwords and encrypted credit card data. EPP codes (required for domain name transfers) are not stored in the same place so those were not compromised.” To help out the “techies who are wondering”, they explain the “encryption on the credit card information is 4096 bit RSA.”

All customers were required to do a password reset since the password hashes were compromised.

The registrar, with almost half a million registrations, is the 27th largest registrar by total domains, according to Webhosting.info.

The hack is believed to have been done by hacker group Hack the Planet (HTP) who have claimed responsibility in their attempt to hack into Linode, a virtual private server hosting firm, reported IDG.

However, the method of advising clients of the hack and to reset passwords was criticised in some quarters. The alert email advising of the hack “instructed recipients to click on a link in order to perform a password reset, a method that was criticised by some users and security researchers, because it resembles that used in phishing attacks,” said the IDG report.

“The problem with encouraging people to click email-borne links (which could have come from anywhere, or could point to anywhere) for anything relating to logging in or password reset is this: it softens them up to email links that end up at ‘enter your password’ dialogues,” wrote Paul Ducklin on the Sophos NakedSecurity blog. “That plays into the hands of phishers, so please don’t do it.”