The World’s First Internet Domain Name Provider Confirms Data Breach – Expert Reactions

It has been reported that top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. “On October 16, 2019, Web.com determined that a third-party gained unauthorised access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said in a written statement. “No credit card data was compromised as a result of this incident.”

Experts Comments

November 04, 2019
Matthew Ulery
Chief Product Officer
SecureAuth
News of the domain registrars' breach is the latest in a long line of identity-based attacks. Attackers are simply walking through the front door of enterprises, gaining unauthorized access and looting PII, further exacerbating the identity security crisis. This attack is a major wake up call for organizations to improve their identity security approach. Organizations that rely on basic multi-factor authentication (MFA) such as passwords and SMS-based messages are exposed to attacks like these. Organizations must look beyond basic MFA and leverage both positive and negative signals to enable efficient end-user and customer access without putting the viability of the organization at risk. With the majority of breaches involving compromised credentials and weak authentication, techniques such as contextual and adaptive authentication methods will maximize security while not burdening the end user.
October 31, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Without more details on the incident, it is difficult to establish the objectives of the attackers. It could be possible that this was an opportunistic attack to steal credentials or personal information. It's important for companies of all sizes and verticals to invest in security, especially where customer data is involved, not just payment information. Customers who are affected should change their passwords, and also check their accounts to ensure no changes have been made to any of their details or sites. They should also be extra vigilant against any potential phishing emails that criminals may send using the information stolen from these breaches.
October 31, 2019
Robert Ramsden Board
VP EMEA
Securonix
It is not clear why it has taken over two months for this breach to be disclosed and this raises a number of concerns about the security practices employed by the organisations. Any organisation that takes over two months to identify a breach has significant flaws within their security program and risks putting their customer data at serious risk. The attacker who gained access to these systems had unlimited access to customer data for over two months, providing them with endless opportunities. Anyone who has been affected by the breach is advised to change their passwords urgently.
October 31, 2019
Prash Somaiya
Technical Program Manager
HackerOne
Another day, another data breach. It's not a question of 'if' a company will be breached but 'when'. With the increasing pace of development, bugs are inevitably going to exist and will be exploited unless found and disclosed before they can cause a breach. For customers, while they do place trust in companies to keep their data secure, when they learn of a data breach like this, I’d recommend they also take precautionary steps to secure their data regardless of whether or not they think they’ve been affected to avoid any nasty surprise years down the line. Breaches like this also drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or Security@ email is the best way to ensure that when someone sees something exposed, they can say something.
October 31, 2019
Hugo van Den Toorn
Manager, Offensive Security
Outpost24
Your organisation’s data is your responsibility, whether you are processing the data yourself or a third-party is handling the information. The same risk assessments and security measures should be taken to ensure it is protected at the appropriate level of security. If a third-party your business is utilizing is breached, such as in this case, you should have an internal incident response process that is followed in your company. For example: changing credentials for the affected services, reviewing 2FA utilization and reviewing if any of your customers is affected by the third-party breach. If your customers are impacted, it is your organisation’s due diligence to also inform your customers about the breach.
October 31, 2019
Andrew Clarke
Director, Strategic Alliances & Channel Partnerships, EMEA
One Identity
Often, companies convince themselves that they have taken necessary measures to protect themselves. In this case, web.com declared, “We encrypt account passwords and do not believe this information is vulnerable as a specific result of this incident”. And although this is a viable measure to take, there is the issue of the access that occurred ahead of this – when several computers were targeted to initiate the intrusion and subsequent plundering of password data. A malicious attack often starts with privileged access – i.e. administrative accounts – where the password is discovered either because it is set to a default condition or is easy to guess. Attackers then use those credentials to start unlocking doors in other systems across the organisation. Often, this is never seen or discovered so, unless the fundamental security element of privileged access management is in place, this will have the potential to repeatedly occur while remaining undetected. In fact, for the second year running, Gartner has highlighted that this foundational security factor is the highest priority for IT departments to address. A key point for most businesses to remind themselves of is that security starts with identity.
October 31, 2019
Dan Pitman
Principal Security Architect
Alert Logic
In this case, the dwell time between attack and detection is not the worst, but they have announced the breach within a good amount of time. They are asking users to reset their password when they log in and are in the process of notifying them directly. Web.com has stated that it doesn't believe passwords were compromised because they were encrypted, but doesn't state what kind of encryption. Sometimes "hashing" a password is referred to as encryption. Hashed passwords that aren't "strong" enough can be brute forced to reveal the original password. Web.com password requirements are 13 characters which means that any hashed password would take too long to brute force (it's not clear if this was a change in response to the breach though). Ultimately, anyone creating a password on a site that contains sensitive information like credit card data needs to use a long password and the recommendation is to make this a memorable phrase, and have a set of different passwords used on sites based on how sensitive or personal the information they hold is, or use a password manager to generate unique passwords for each site.
October 31, 2019
John Handelaar
VP EMEA
Gurucul
The full details of this incident are still unclear, however this appears to be an example of a breach that occurred as a result of a third party gaining unsecured access. These types of third party data breaches are all too common for businesses both large and small. But most of them are preventable. Too often, vendors and partners are granted too many rights to too many systems, thus resulting in incidents like these. Companies should only allow third-party access within their networks to what is required to accomplish their tasks and nothing more. Behaviour-based security analytics solutions would spot unusual and suspicious behaviour performed by any user and allow the businesses to quickly identify and remediate threats while searching for the compromised account(s) or machines.