Top domain name registrars suffered data breaches in August

Domain name registrars,, and were at the receiving end of a data breach in August this year that compromised customer account information such as names, addresses, phone numbers, and email addresses.

The cyber security incident was disclosed by on its website recently, with the domain name registrar stating that its systems were accessed without authorisation by third parties in August this year, resulting in the loss of personal information of current and former customers.

"On October 16, 2019, determined that a third-party gained unauthorised access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident," the company said.

"Our investigation indicates that account information for current and former customers may have been accessed. This information includes contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder. We encrypt credit card numbers and no credit card data was compromised as a result of this incident.

"Upon discovery, took immediate steps to stop the intrusion. We promptly engaged a leading independent cybersecurity firm to investigate and determine the scope of the incident. We notified the proper authorities and began working with federal law enforcement.

"We are notifying affected customers through email and via our website, and as an additional precaution are requiring all users to reset their account passwords," the registrar added.

It also mentioned that it does not believe users' account passwords were compromised as all account passwords are encrypted. However, as a precaution, all users are presently being asked to reset their account passwords to secure their respective accounts.

Domain name registrars took over two months to identify the breach

The data breach affected three top domain name registrars, namely and its subsidiaries and, indicating that customer account information of all three domain name registrars was stored in a single internal system that had been accessed by hackers. did not mention the total number of data records compromised due to the security incident nor did it mention the total number of customers affected. All affected customers are presently being notified separately about the breach through email and via the registrar's website.

"It is not clear why it has taken over two months for this breach to be disclosed and this raises a number of concerns about the security practices employed by the organisations. Any organisation that takes over two months to identify a breach has significant flaws within their security program and risks putting their customer data at serious risk," says Robert Ramsden-Board, VP of EMEA at Securonix.

"The attacker who gained access to these systems had unlimited access to customer data for over two months, providing them with endless opportunities. Anyone who has been affected by the breach is advised to change their passwords urgently," he adds.

Prash Somaiya, technical program manager at HackerOne, said that data breaches such as the one impacting top domain name registrars drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or Security@ email is the best way to ensure that when someone sees something exposed, they can say something.

This isn't the first time that hackers have targeted domain name registrars to gain access to customer information or to target customers of such services. In 2017, hackers were able to infiltrate French domain name registrar Gandi's network after stealing login credentials from a technical provider.

The hackers went on to make unauthorised modifications to 751 domains, as a result of which visitors to such domains were redirected to the Keitaro traffic distribution system. Instead of redirecting them to Google, Keitaro TDS redirected visitors to a Rig Exploit Kit where they got infected by a malware named Neutrino Bot.

Prompt action by security teams at Gandi ensured that all the affected domains were reverted to the legitimate name servers within three hours after the initial infection took place.

Copyright Lyonsdown Limited 2021