World’s First Domain Registrar Network Solutions Discloses Breach
World’s first domain registrar Network Solutions disclosed a security breach that happened in late August 2019, and allowed a third-party to infiltrate some of the company’s computing systems without authorization and potentially access some customers’ personally identifiable information (PII).
Network Solutions is a Web.com subsidiary since 2011 when it was acquired for $405 million and 18 million shares. The company provides customers with “reliable website services like domains, hosting, security, professional email and more.”
Network Solutions entered into a cooperative agreement with the National Science Foundation (NSF) for services including the domain name registration services on December 31, 1992.
No credit card info exposed in the breach
“On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed,” says the breach notice. “No credit card data was compromised as a result of this incident.”
Network Solutions hired an independent cybersecurity firm to investigate the incident immediately after discovering the security breach. They also reported it to federal authorities and are in the process of notifying all impacted customers.
Account data of both current and former customers may have been accessed during the intrusion, with the information including “contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.”
No credit card data was compromised in the attack according to the company given that credit card numbers are stored in an encrypted form.
We store credit card numbers in a PCI (Payment Card Industry) compliant encryption standard and do not believe your credit card information is vulnerable as a specific result of this incident. That said, it is good practice to monitor your credit card account and we encourage you to notify your credit card provider if you see any suspicious charges. — Network Solutions
All user passwords to be reset
Besides contacting all affected customers, Network Solutions will also require its users to reset their account passwords the next time they log in as an additional precautionary measure.
“As with any online service or platform, it is also good security practice to change your password often and use a unique password for each service,” adds the company.
“Safeguarding our customer’s information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity,” Network Solutions says. “We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.”
Not the first breach
This is the second time Network Solutions was impacted by a security breach. The company also alerted its customers on July 2009 that “unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company.”
“The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring. Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009,” Network Solutions also disclosed at the time.
BleepingComputer asked Network Solutions to specify the number of customers impacted in the security breach since this information was not disclosed but did not hear back at the time of publication.
Update October 30, 18:43 EDT: Network Solutions’ parent company Web.com was also breached, together with Register.com, another subsidiary acquired in June 2010.
Read the original article over at BleepingComputer.com.
