Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords.
The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along with customer email addresses.
“It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com,” the customer email said.
Name.com told its customers that it uses strong encryption to store payment card data and that the encryption keys required to access that data was not compromised. EPP codes required for domain transfers were also not affected in the breach, as in the case with the keys, those were stored separately from the compromised data.
“We take the matter very seriously,” the email said. “We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.”
Name.com said on its Twitter feed that it was staggering the release of notifications to customers and information about password resets. As of 2 p.m. ET, there was no mention of the breach on the Name.com website, nor on its corporate blog.
The company is taking some heat because it is asking its users to click on an email link in order to proceed with a password reset. This is the same tactic a phishing email would use, for example. Name.com does remind its users that if they use their passwords on other sites, to change those too.
Webhosting.info said Name.com is the 27th largest registrar by total domains with 498,035; Go Daddy is the leader with more than 25 million domains and 32 percent market share.
This is the second large password breach in the last two weeks. On April 28, daily deal site LivingSocial report it had been breached and hackers accessed user names, email addresses and encrypted passwords. More than 50 million were advised to change their passwords. LivingSocial said no credit card data was accessed.