US domain registrar and web hosting service Name.com has fallen victim to a hacker attack. In a recent email, the company informed its customers of an incident that potentially enabled unknown attackers to gain access to “email addresses, encrypted passwords and encrypted credit card details”. The registrar says that the private crypto keys that are required to decrypt the stolen credit card details are stored on a separate system that wasn’t compromised.
The company didn’t comment on the security of the “encrypted” passwords. Passwords are usually stored as hashes that can be further protected by being salted. Name.com has asked its customers to reset their passwords, and customers can only log back in once they have done so.
Name.com said that the attackers appear to have targeted the account of a major business customer. No information on how the intruders gained access has so far been released. According to statistics compiled by WebHosting.Info, the registrar manages about half a million domains. The company also offers web hosting and SSL certification services.