It has been reported that top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. “On October 16, 2019, Web.com determined that a third-party gained unauthorised access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said in a written statement. “No credit card data was compromised as a result of this incident.”
News of the domain registrars’ breach is the latest in a long line of identity-based attacks. Attackers are simply walking through the front door of enterprises, gaining unauthorized access and looting PII, further exacerbating the identity security crisis. This attack is a major wake-up call for organizations to improve their identity security approach. Organizations that rely on basic multi-factor authentication (MFA) such as passwords and SMS-based messages are exposed to attacks like these. Organizations must look beyond basic MFA and leverage both positive and negative signals to enable efficient end-user and customer access without putting the viability of the organization at risk. With the majority of breaches involving compromised credentials and weak authentication, techniques such as contextual and adaptive authentication methods will maximize security while not burdening the end user.
Without more details on the incident, it is difficult to establish the objectives of the attackers. It could be possible that this was an opportunistic attack to steal credentials or personal information.
It’s important for companies of all sizes and verticals to invest in security, especially where customer data is involved, not just payment information.
Customers who are affected should change their passwords, and also check their accounts to ensure no changes have been made to any of their details or sites.
They should also be extra vigilant against any potential phishing emails that criminals may send using the information stolen from these breaches.
It is not clear why it has taken over two months for this breach to be disclosed and this raises a number of concerns about the security practices employed by the organisations.
Any organisation that takes over two months to identify a breach has significant flaws within their security program and risks putting their customer data at serious risk.
The attacker who gained access to these systems had unlimited access to customer data for over two months, providing them with endless opportunities. Anyone who has been affected by the breach is advised to change their passwords urgently.
Another day, another data breach. It’s not a question of ‘if’ a company will be breached but ‘when’. With the increasing pace of development, bugs are inevitably going to exist and will be exploited unless found and disclosed before they can cause a breach. For customers, while they do place trust in companies to keep their data secure, when they learn of a data breach like this, I’d recommend they also take precautionary steps to secure their data regardless of whether or not they think they’ve been affected to avoid any nasty surprise years down the line.
Breaches like this also drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or [email protected] email is the best way to ensure that when someone sees something exposed, they can say something.
Your organisation’s data is your responsibility, whether you are processing the data yourself or a third-party is handling the information. The same risk assessments and security measures should be taken to ensure it is protected at the appropriate level of security. If a third-party your business is utilizing is breached, such as in this case, you should have an internal incident response process that is followed in your company. For example: changing credentials for the affected services, reviewing 2FA utilization and reviewing if any of your customers are affected by the third-party breach. If your customers are impacted, it is your organisation’s due diligence to also inform your customers about the breach.