WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >
Web host and registrar Name.com recently began notifying its users that a security breach may have exposed their user names, e-mail addresses, encrypted passwords and encrypted credit card information (h/t Sophos).
The company says the breach appears to have been aimed specifically at gaining information on a single large commercial account.
"Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised," the company stated in its notification e-mail. "Therefore, we don’t believe that your credit card information was accessed in a usable format."
The company is requiring all of its users to reset their passwords -- and if they use those passwords on other sites, it's of course urging them to change their passwords there as well.
Still, as Sophos' Paul Ducklin notes, Name.com did make one significant mistake in its notification e-mail -- by stating, "Please click the link below to reset your password," followed by a link, they're unfortunately getting their users comfortable with the idea of clicking on links in phishing e-mails.
"Always encourage users to find their own way to your login page: that forces them to familiarize themselves with the usual sequence of pages, forms, and questions," Ducklin writes.