The World’s First Internet Domain Name Provider Confirms Data Breach – Expert Reactions

By ISBuzz Team
Writer, Information Security Buzz | Oct 31, 2019 07:07 am PST

It has been reported that top domain name registrars and are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. “On October 16, 2019, determined that a third-party gained unauthorised access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” said in a written statement. “No credit card data was compromised as a result of this incident.”

8 Expert Comments
Matthew Ulery, Chief Product Officer
InfoSec Expert
November 4, 2019 11:35 am

News of the domain registrars’ breach is the latest in a long line of identity-based attacks. Attackers are simply walking through the front door of enterprises, gaining unauthorized access and looting PII, further exacerbating the identity security crisis. This attack is a major wake-up call for organizations to improve their identity security approach. Organizations that rely on basic multi-factor authentication (MFA) such as passwords and SMS-based messages are exposed to attacks like these. Organizations must look beyond basic MFA and leverage both positive and negative signals to enable efficient end-user and customer access without putting the viability of the organization at risk. With the majority of breaches involving compromised credentials and weak authentication, techniques such as contextual and adaptive authentication methods will maximize security while not burdening the end user.

Javvad Malik, Security Awareness Advocate
InfoSec Leader
October 31, 2019 3:50 pm

Without more details on the incident, it is difficult to establish the objectives of the attackers. It could be possible that this was an opportunistic attack to steal credentials or personal information.

It’s important for companies of all sizes and verticals to invest in security, especially where customer data is involved, not just payment information.

Customers who are affected should change their passwords, and also check their accounts to ensure no changes have been made to any of their details or sites.

They should also be extra vigilant against any potential phishing emails that criminals may send using the information stolen from these breaches.

Robert Ramsden Board
InfoSec Expert
October 31, 2019 3:48 pm

It is not clear why it has taken over two months for this breach to be disclosed and this raises a number of concerns about the security practices employed by the organisations.

Any organisation that takes over two months to identify a breach has significant flaws within their security program and risks putting their customer data at serious risk.

The attacker who gained access to these systems had unlimited access to customer data for over two months, providing them with endless opportunities. Anyone who has been affected by the breach is advised to change their passwords urgently.

Prash Somaiya, Technical Program Manager
InfoSec Expert
October 31, 2019 3:46 pm

Another day, another data breach. It’s not a question of ‘if’ a company will be breached but ‘when’. With the increasing pace of development, bugs are inevitably going to exist and will be exploited unless found and disclosed before they can cause a breach. For customers, while they do place trust in companies to keep their data secure, when they learn of a data breach like this, I’d recommend they also take precautionary steps to secure their data regardless of whether or not they think they’ve been affected to avoid any nasty surprise years down the line.

Breaches like this also drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or Security@ email is the best way to ensure that when someone sees something exposed, they can say something.

Hugo van Den Toorn, Manager, Offensive Security
InfoSec Expert
October 31, 2019 3:44 pm

Your organisation’s data is your responsibility, whether you are processing the data yourself or a third party is handling the information. The same risk assessments and security measures should be taken to ensure it is protected at the appropriate level of security. If a third party your business is utilizing is breached, such as in this case, you should have an internal incident response process that is followed in your company. For example: changing credentials for the affected services, reviewing 2FA utilization and reviewing if any of your customers is affected by the third-party breach. If your customers are impacted, it is your organisation’s due diligence to also inform your customers about the breach.
