Blog

44 million Microsoft users reused passwords in the first three months of 2019

Posted by Dave Cahill on Dec 5, 2019 in Security News, Windows | 0 comments

44 million Microsoft users reused passwords in the first three months of 2019

Microsoft used a database of three billion publicly leaked credentials to identify users who reused passwords.

The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services.

The scan took place between January and March 2019.

Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases.

The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts.

Password resets have already taken place

The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side,” Microsoft said.

“On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,” it added.

The OS maker has been a staunch advocate and promoter of multi-factor authentication (MFA) solutions.

Earlier this summer, the company said that enabling an MFA security measure for a Microsoft account blocks 99.9% of all attacks and that MFA bypass attempts are so rare its security team doesn’t even have statistics on this type of threat.

Detecting 100% of password reuse cases is impossible

Microsoft typically warns against using weak or easy-to-guess passwords when setting up an account, but these warnings don’t cover password reuse scenarios.

This is because users might be using a complex password that would pass Microsoft’s checks, but Microsoft has no way of knowing if the user has reused that password in other places.

Once a third-party service has a security breach, and the user’s password is stolen and leaked online, this inadvertently puts the user’s Microsoft account at risk, despite having a strong password.

Hackers can take the leaked password and use it in an attempt to gain access to the user’s other accounts — such as Microsoft, Google, Facebook, Twitter, etc.. Microsoft calls this a “breach replay attack.”

A 2018 academic research study of 28.8 million user accounts found that password reuse and small modifications to the original password was common among 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses.

Read the original article over at ZDNet.com.

You Can Still Upgrade to Windows 10 For Free, Here’s How

Posted by Dave Cahill on Dec 2, 2019 in Windows | 0 comments

You Can Still Upgrade to Windows 10 For Free, Here’s How

Back when Windows 10 was first released, Microsoft allowed users of Windows 7 or Windows 8.1 to upgrade to Windows 10 for free. Microsoft officially ended the free upgrade offer in December 2017, but a method still works that allows you to upgrade an older version of Windows to Windows 10 for free.

Microsoft doesn’t talk about that Windows 10 free upgrade offer anymore, but devices with legitimate Windows 7 or Windows 8.1 licenses could be upgraded to Windows 10 for free using the Windows 10 Media Creation Tool.

To get Windows 10, you’ll just have to download and run Media Creation Tool on Windows 7/8/8.1 and upgrade the PC to Windows 10. After the upgrade, connect to the internet and your older Windows license will be converted to a Windows 10 license.

According to a Reddit user who claims to be a Microsoft worker, Windows 10’s free upgrade for a year was ‘marketing fluff’ to maximize the adoption of the operating system. CokeRobot also shed some light on the now-expired Windows 10 free upgrade offer.

“You still can do this no problem, however careful, do an upgrade keeping everything as if you choose to yeet everything and start fresh, you lose your free upgrade. That old 7 license converts to a 10 digital license and from there you can clean install no problem. As for audits, this mainly is for volume licensing than anything. An SMB with 10-200 Windows 7 machines that were OEM licensed don’t really matter. If you try this with 1,000 computers, iffy. At the end of the day, Microsoft had four years to close that loophole and never did so if worse came to worse, you could technically go through legal avenues as the EULA for 10 literally doesn’t have a clause for this at all. You can’t shit on someone taking advantage of an activation workaround when you as the manufacturer never closed it.”

How to upgrade to Windows 10 for free

1. Visit the Windows 10 download page from here.
2. Click the ‘Download Tool now‘ button to download the Windows 10 Media Creation Tool.
   
3. Open the Media Creation Tool and accept the license terms.
4. Select the ‘Upgrade this PC now‘ option and click Next.
   
5. The tool will prompt you as to whether you wish keep everything or start from scratch. Select to Keep all apps and files and continue.
   
6. Once you click on the Install button, Windows 10 will begin to be installed. This process can take quite a while and the computer will restart numerous times.
   
7. After Windows 10 is finished installing, connect to the internet and open Settings > Windows Update > Activation and the PC will be activated with a digital license. You can also enter your Windows 7 or Windows 8.x product key and activate Windows 10 if the device is not already activated.

Remember that the offer works only if you are using a genuine license of Windows 7 or Windows 8.1. By following this guide, you will receive a digital license valid for the life of the hardware.

During the upgrade process, Windows will connect to Microsoft’s activation servers and your PC acquires a digital license or entitlement of Windows 10.

You’ll see “Windows is activated with a digital license” message on Windows activation page (Settings > Update & security > Activation).

The digital license is associated with the device and unless the hardware is changed, you can perform a clean installation of the same edition of Windows 10 with Media Creation Tool or the ISO files, and activation is automatic.

Read the original article over at BleepingComputer.com.

Holiday Scam Season Is Here for All Shoppers

Posted by Dave Cahill on Nov 26, 2019 in Security News, Tips & Tricks | 0 comments

Holiday Scam Season Is Here for All Shoppers

The holiday shopping season is in full swing, with Black Friday and Cyber Monday just around the corner, and scammers have been getting ready to cash in from their fraud campaigns.

While some fraudsters target the online landscape fooling shoppers with lookalike domains, others focus on customers of brick and mortar retail stores.

The latter take advantage of the flood of legitimate discounts to trick potential victims into giving information that could be used for attacks all year round.

Targeting brick and mortar store customers

Researchers at ZeroFOX combed the internet for holiday-themed fraud campaigns and found more than 60,000 potential scams, most of them aimed at consumers in the market for regular products that do not fit the luxury category.

The cybersecurity company noticed that the scammers attracted victims with the promise of gift cards, giveaways, discounts, or coupons.

Since user data was the coveted prize, all cybercriminals had to do was create an appealing post directing victims to malicious websites.

According to ZeroFOX, this type of post is likely advertised found on social media and digital platforms.

The link in the post above leads to a landing page with multiple fake giveaways. The poor design of the page should serve as a warning, and so should the request to input personal information such as phone number, gender, date of birth, and street address.

Most of the keywords likely to lead to a retail scam that were noticed by the researchers during their study are related to gift-giving. However, posts from unknown accounts on social media that contain ‘holiday,’ ‘Christmas,’ ‘Thanksgiving’ or Black Friday and Cyber Monday should also be regarded with suspicion.

“In order to increase visibility, scammers often leverage hashtags in their posts, like #blackfriday, #cybermonday, and #giveaway. This makes these posts more likely to be shown to social media users, based on the social platform’s algorithms, and also makes them searchable. Similarly, scammers may leverage fake accounts to like and share or retweet these scam posts, giving them more legitimacy” – ZeroFOX

Online shoppers also at risk

Cybercriminals diversify their activity and create fake websites for popular brands. ZeroFOX researchers filtered 124,000 domains containing a brand name by the certificate issuer to determine how many were imitating a legitimate business.

Of the 26 brands selected for the report, Apple, Amazon, and Target were the most impersonated. Other big names in the same situation are Tiffany, Sony, Samsung, and Microsoft.

The number of fake websites popping up during the holiday season is on the rise this year, researchers from Check Point note in a report today. Compared to 2018, they observed a %233 increase in phishing URLs for online stores this year.

ZeroFOX says that the fraudulent domains they found can be spotted as they typically combine specific keywords (‘login,’ ‘verify,’ ‘free,’ ‘deal,’ ‘verification,’ ‘coupon’) with a call to action like logging in or verifying an account to continue. Some of the words 

The researchers note that they did not check all the domains that came up during their search but the probability of them serving content is high since they all had a TLS certificate, which requires extra effort.

A small sample of the websites was verified, though, and the results were expected: phishing, giveaway/coupon scams, and some dubious Chrome extensions.The extension in the image above was served from a domain that impersonated Walmart and had more than 60,000 installations and many negative reviews.

Caution during the holiday season is well recommended by security researchers as cybercriminals are getting more creative by the year. It is easy to impersonate a popular brand these days but not becoming a victim is not that difficult.

A legitimate giveaway does not normally ask for more information than a contact detail, most of the time an email address, ZeroFOX notes. If more details are requested, chances are it is a scam.

Some advice to avoid falling to a scam:

1. Be mistrustful of deals that are too good to be true. Huge discounts delivered over email from unknown senders are likely bait for a scam.
2. Domain names for popular brands that have spelling errors or mistakes are not genuine
3. Don’t click on links in emails or social media posts; instead, search the web for a brand’s legitimate website to browse the deals available

Read the original article courtesy of BleepingComputer.com.

Microsoft is bringing Gmail, Google Drive, and Calendar to Outlook.com

Posted by Dave Cahill on Nov 25, 2019 in Google, Windows | 0 comments

Microsoft is bringing Gmail, Google Drive, and Calendar to Outlook.com

Microsoft Outlook is getting full Google integration on the web

Microsoft is planning to integrate Gmail, Google Drive, and Google Calendar into its Outlook.com web mail client. The software maker has started testing this integration on some accounts recently, and Twitter user Florian B was able to access it today. After a quick setup process, you simply link a Google Account to an Outlook.com account, and Gmail, Drive documents, and Google Calendar will all be automatically displayed inside Outlook.com on the web.

It looks very similar to how Outlook for iOS and Android work, with separate inboxes and side-by-side integration in the calendar. We haven’t been able to test the integration on our own Outlook.com accounts at The Verge, but Florian reveals that it seems to be an early test as you can’t add more than one Google Account, and switching between Outlook and Gmail accounts refreshes the entire page.

The Google Drive integration supports documents and files from Google’s service so you can quickly attach them to Outlook or Gmail emails. It’s not clear how many Outlook.com users will get access to this, or when Microsoft will roll this out more broadly. While most people would simply visit Gmail for their mail, this new Outlook integration could be useful for those who use a personal Outlook.com account and a G Suite email account for work.

Microsoft wouldn’t comment on exactly when all users will get access to this new feature in a statement to The Verge. “We are always looking for new ways to extend the best email experience to our customers and can confirm that we’re experimenting with a small set of Outlook.com users to learn and gather feedback,” says a Microsoft spokesperson.

Read the original article over at The Verge.

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

Posted by Dave Cahill on Nov 21, 2019 in Security News, Web & Graphic Design News | 0 comments

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1.

You can update your installation to the 7.9.1 version through your dashboard, or manually download the Jetpack 7.9.1 release here.

Jetpack is an extremely popular WordPress plugin that provides free security, performance, and site management features including site backups, secure logins, malware scanning, and brute-force attack protection.

The plugin has over 5 million active installations, and it was developed and it is currently maintained by Automattic, the company behind WordPress.

Not yet exploited in the wild

The vulnerability was found in the way Jetpack processed embed code and Adham Sadaqah was the one credited for responsibly disclosing the security issue.

While not a lot of details were disclosed regarding the security flaw to protect the sites that haven’t yet updated, the announcement made by Jetpack says that the bug impacts all versions starting with the 5.1 release and going back as far as July 2017.

The Jetpack developers state that no evidence was discovered until the release of the critical Jetpack 7.9.1 security update that the vulnerability has been exploited in the wild.

Active Jetpack versions

“However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability,” the developers warn.

The development team also says that they worked with the WordPress.org Security Team to release patches for every version of Jetpack since 5.1 and that “most websites have been or will soon be automatically updated to a secured version.”

Millions already patched

At the moment over four million out of the more than five million WordPress websites that use Jetpack have already been updated according to its entry on the WordPress Plugins site.

“Versions released today include 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, 6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1,” the Jetpack dev team says.

“If you are running any of these versions, your website is not vulnerable to this issue. But, if you’re not running the latest and greatest—7.9.1—your site is missing other security enhancements!”

Jetpack downloads history

Jetpack received another security update to address an issue found during an internal audit of the Contact Form block in December 2018, and a critical security update patching a vulnerability in the way some Jetpack shortcodes were processed in May 2016.

Last year, hackers also found a method of installing backdoored plugins on WordPress websites using weakly protected WordPress.com accounts and the Jetpack plugin’s remote management feature.

Read the original article courtesy of BleepingComputer.com.

Facebook bug turns on iPhone camera when users scroll through their feed

Posted by Dave Cahill on Nov 15, 2019 in Privacy, Security News, Smart Phones | 0 comments

Facebook bug shows camera activated in background during app use

Some people on Facebook have complained their cameras got turned on while they were looking through Facebook’s app.

When you’re scrolling through Facebook’s app, the social network could be using your camera, concerned users have found. Multiple people have found and reported that their iPhone cameras were turned on in the background while they were looking at their feed.

The issue came to light through several posts on Twitter. Users noted that their cameras were activated behind Facebook’s app as they were watching videos or looking at photos on the social network.

After people clicked on the video to full screen, returning it back to normal would create a bug in which Facebook’s mobile layout was slightly shifted to the right. With the open space on the left, you could now see the phone’s camera activated in the background.

This was documented in multiple cases, with the earliest incident on Nov. 2.

I take the phone back out, but there’s no indication on the lock screen to say audio or video was playing. I unlock the phone, and there’s the video on @Instagram playing away.

— Neo QA (@neo_qa) November 2, 2019

It’s since been tweeted a couple other times, and CNET has also been able to replicate the issue.

Facebook app on iOS 13.2.2 opens my phone’s rear camera when I open a profile photo swipe down to return (look at the little slit on the left of the video). Is this an app bug or an iOS bug?? @facebook @AppleSupport pic.twitter.com/WlhSXZulqx

— Daryl Lasafin (@dzlasafin) November 10, 2019

Guy Rosen, its vice president of integrity, tweeted Tuesday that this seems like a bug and the company’s looking into the matter.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl

— Joshua Maddux (@JoshuaMaddux) November 10, 2019

In another tweet, Rosen said that Facebook is submitting a fix to the App Store on Tuesday.

“We recently discovered our iOS app incorrectly launched in landscape,” Rosen said. “In fixing that last week in v246 we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this.”

Rosen later confirmed that Facebook didn’t capture any photos or videos while in the background, noting that it was in preview mode.

Daryl Lasafin, the creative director of marketing agency Dame Digital in the Philippines, said he dismissed the issue when he first noticed it Sunday morning, thinking it was a minor glitch. Then, as he continued using Facebook’s app throughout the day, he couldn’t help but notice his camera kept being activated in the background.

“I thought it was just my phone or the app acting up,” Lasafin said in a direct message. “Then I observed it became more persistent that evening.”

He tried troubleshooting it himself, uninstalling and reinstalling the app, as well as removing Facebook’s access to the camera. The camera still popped up after all that, but after he revoked permissions from Facebook, it was just a black screen, Lasafin said.

The bug appears to only affect the latest iOS versions, and it didn’t happen on Android devices. The Next Web reported that the bug didn’t appear on iOS 12.

The active camera could become another unwanted privacy flap for Facebook, which in July agreed to pay a record $5 billion fine for failing to protect people’s data. Facebook’s track record with privacy doesn’t help the massive social network’s image, though it doesn’t seem to have hurt its growth in users or revenue.

Facebook’s reputation on privacy is so worrying that many people still believe the social network is secretly recording people through their microphones.

The camera bug won’t do the company any favors in dispelling that myth. While Facebook’s app users do give the company permission to use their camera and microphone, there’s no reason it needs to be activated while a person is simply scrolling through the feed or watching a video.

“I gave the Facebook app permission to access my camera to fully use the My Day / Stories feature and upload photos and videos as status,” Lasafin said. “But at the time, evidently, I wasn’t using the app for anything that requires camera access.”

He said he’s since deleted Facebook’s app, out of privacy concerns with the company. He’s not sure if he’ll reinstall the app once the issue is addressed.

Read the original article over at CNet.com.

Apple Can’t Kill A New iOS Jailbreak On Hundreds Of Millions Of iPhones

Posted by Dave Cahill on Nov 11, 2019 in Mac / Apple | 0 comments

Apple Can’t Kill A New iOS Jailbreak On Hundreds Of Millions Of iPhones

One of the more significant jailbreak hacks of an iPhone this year is here. It’s big news for the community of hobbyists known as jailbreakers, who like to remove Apple’s control over the devices.

The jailbreak released today, dubbed “checkra1n,” will let users install whatever they like on the iPhone, with none of Apple’s normal restrictions getting in the way.

Its significance lies in the fact that Apple will struggle to ever fix it, at least in devices up to and including the iPhone X. That’s because the underlying vulnerabilities lie in the “bootrom”—the part of the processor that contains the initial lines of code executed by the processor as it powers on.

“Apple cannot fix it because bootrom cannot be patched after a device leaves the factory,” said a hacker who goes by the name axi0mX. They first identified the problem, which they dubbed checkm8, back in September.

iPhone XR and XS models, and the latest devices, aren’t affected. That still means that the hundreds of millions of older iPhones that Apple has shipped can be jailbroken, axi0mX noted.

For anyone who wants to try to jailbreak their iPhone, axi0mX and a team of other iOS hackers have set up a website as a guide. It’s currently only available for download on macOS PCs. Users can then hook up their iPhone and install the jailbreak.

Beware data loss

For anyone who wants to jailbreak their phone, axi0mX recommended backing up data on iTunes or iCloud due to the risk the phone might lose data.

“There should not be any risk of permanent damage to your device, restoring in iTunes should always fix it.”

Apple hadn’t responded to a request for comment at the time of publication.

Though the vulnerabilities remain on many millions of iPhones, the security threat only rises for those who’ve had their device hacked while not physically controlling it and who’ve continued to use it without rebooting. There are not any known remote exploits that take advantage of the issue. F0r any at-risk users who have sensitive data on their iPhone, such as activists, journalists and politicians, upgrading to a newer device might be necessary.

Using a strong alphanumeric passcode should also help, added axi0mX. “Most people’s risk has not increased. The passcode will protect the data on device on all modern iPhones.”

There are, however, recent examples of iPhones being remotely compromised. Spyware created by Israeli surveillance company NSO Group has allegedly been used to target activists, journalists, lawyers and many others across the world. The tools, which can snoop on all communications and switch on the mic to turn the phone into a remote listening device, were installed via a WhatsApp hack. Facebook, WhatsApp’s owner, is now suing NSO Group as a result.

Read the original article over at Forbes.com.

TrendMicro Employee Sold Customer Info to Tech Support Scammers

Posted by Dave Cahill on Nov 6, 2019 in Privacy, Security News | 0 comments

TrendMicro Employee Sold Customer Info to Tech Support Scammers

TrendMicro has an announced a security incident where an employee was stealing consumer customer information and selling it to a third-party to use in tech support scams.

In August 2019, TrendMicro learned that some of their customers running home security solutions were receiving tech support scam phone calls that impersonated TrendMicro tech support agents.

The scammers utilized information in these calls that led TrendMicro to believe that this was more than a random phone call and that it could have been an insider threat.

“The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack. “

After conducting an investigation, it was determined in October that these phone calls were caused by a TrendMicro employee performing unauthorized access to a customer support database, stealing consumer customer information, and selling it to third-party tech support scammers.

“Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat,” TrendMicro stated in a blog post. “A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.”

After learning the identity of the insider, they terminated their employment and are now working with law enforcement.

According to their investigation, this scam affected less than 1% of TrendMicro’s 12 million consumer customers and only targeted English-speaking users.

No financial information was believed to have been stolen, but this is obviously concerning as these highly targeted attacks could have led to consumers being charged for unnecessary tech support services.

TrendMicro warns that they will never call any of their consumer customers and if a consumer receives a call from someone claiming to be TrendMicro, they should immediately hang up.

As for Enterprise users, TrendMicros’s investigation indicates that no enterprise customer data was accessed as part of this activity.

While this security incident was not an external hack and an insider threat, this is not the first time this year that an unauthorized user gained access to a TrendMicro system. As we reported in May 2019, a hacker gained access to a TrendMicro test lab and was able to allegedly access over 30TB of source code files.

Actively exploited bug in fully updated Firefox is sending users into a tizzy

Posted by Dave Cahill on Nov 5, 2019 in Internet, Security News | 0 comments

Actively exploited bug in fully updated Firefox is sending users into a tizzy

Fraudulent tech-support sites cause Firefox to freeze while displaying scary message.

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked.

The message, which appears without any any user interaction upon visiting a site, reads:

Please stop and do not close the PC… The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.

The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. Below is a GIF showing the attack flow:

The attack works on both Windows and Mac versions of the open source browser. The only way to close the window to is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.

Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites, including d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html. He said the offending code on the site was written specifically to target the browser flaw.

On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn’t immediately provide information on the status of the bug.

Firefox is hardly alone in having bugs that cause the browsers to hang indefinitely while displaying a confusing or scary page. Chrome has had its share of similar flaws, which have also been exploited in the wild. Google developers have since fixed both of them.

The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks as well.

Segura said he’s aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn’t seen any recent attacks targeting the flaw.

For many people, it’s not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed.

Read the original article over at ArsTechnica.com.

Network Solutions Discloses Breach

Posted by Dave Cahill on Oct 31, 2019 in Internet, Security News | 0 comments

World’s First Domain Registrar Network Solutions Discloses Breach

World’s first domain registrar Network Solutions disclosed a security breach that happened in late August 2019, and allowed a third-party to infiltrate some of the company’s computing systems without authorization and potentially access some customers’ personally identifiable information (PII).

Network Solutions is a Web.com subsidiary since 2011 when it was acquired for $405 million and 18 million shares. The company provides customers with “reliable website services like domains, hosting, security, professional email and more.”

Network Solutions entered into a cooperative agreement with the National Science Foundation (NSF) for services including the domain name registration services on December 31, 1992.

No credit card info exposed in the breach

“On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed,” says the breach notice. “No credit card data was compromised as a result of this incident.”

Network Solutions hired an independent cybersecurity firm to investigate the incident immediately after discovering the security breach. They also reported it to federal authorities and are in the process of notifying all impacted customers.

Account data of both current and former customers may have been accessed during the intrusion, with the information including “contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.”

No credit card data was compromised in the attack according to the company given that credit card numbers are stored in an encrypted form.

We store credit card numbers in a PCI (Payment Card Industry) compliant encryption standard and do not believe your credit card information is vulnerable as a specific result of this incident. That said, it is good practice to monitor your credit card account and we encourage you to notify your credit card provider if you see any suspicious charges. — Network Solutions

All user passwords to be reset

Besides contacting all affected customers, Network Solutions will also require its users to reset their account passwords the next time they log in as an additional precautionary measure.

“As with any online service or platform, it is also good security practice to change your password often and use a unique password for each service,” adds the company.

“Safeguarding our customer’s information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity,” Network Solutions says. “We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.”

Not the first breach

This is the second time Network Solutions was impacted by a security breach. The company also alerted its customers on July 2009 that “unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company.”

“The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring. Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009,” Network Solutions also disclosed at the time.

BleepingComputer asked Network Solutions to specify the number of customers impacted in the security breach since this information was not disclosed but did not hear back at the time of publication.

Update October 30, 18:43 EDT: Network Solutions’ parent company Web.com was also breached, together with Register.com, another subsidiary acquired in June 2010.

Read the original article over at BleepingComputer.com.