A global internet registrar with millions of customers has admitted suffering a data breach in August which exposed user account information.
US-based Web.com, and subsidiaries Network Solutions and Register.com, discovered on October 16 that they were hit by an attack late in August.
“Our investigation indicates that account information for current and former Web.com customers may have been accessed,” the firm said in a statement.
“This information includes contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder. We encrypt credit card numbers and no credit card data was compromised as a result of this incident.”
The firm said it brought an independent cybersecurity firm on board “immediately” after discovering the unauthorized access, in order to determine the scope of the incident and what data was affected.
“We are notifying affected customers through email and via our website, and as an additional precaution are requiring all users to reset their account passwords,” it added.
Although credit card numbers are encrypted in line with PCI DSS standards, Web.com urged customers to keep an eye on card activity.
However, the other stolen information could put customers at risk of follow-on phishing and identity fraud attempts.
Network Solutions is the fifth largest registrar in the world, with almost seven million accounts to its name, although it’s unclear how many were affected by this incident.
Matthew Ulery, chief product officer at SecureAuth, argued that the attack highlights the need for more streamlined, intelligent authentication security to protect employee accounts.
“Attackers are simply walking through the front door of enterprises, gaining unauthorized access and looting PII, further exacerbating the identity security crisis. This attack is a major wake up call for organizations to improve their identity security approach,” he added.