Breach exposes e-mails and passwords.
E-mail addresses and passwords for a limited number of NameDrive customers were obtained and posted in a hacker forum this month. The security breach just came to light today. NameDrive has responded by instituting new security measures including password resets:
We were alerted of a possible security breach affecting less than 1% of our accounts, although we have no indication that any unauthorized access was gained, we have reacted forcefully to ensure absolute security for your account.
If you have any concerns, please feel free to contact us at [email protected]
NameDrive was quick to act after being informed of the breach.
It is unlikely that the intent of the hackers was to login to NameDrive accounts, but more likely used to check free e-mail accounts that may have used the same password as the NameDrive accounts. However, the information could have been used to access NameDrive and get information such as tax ids.
A compromised e-mail account can be used for a number of malicious reasons, but I am unaware of any incidents linked to this. NameDrive customers should consider changing passwords at other sites if they use the same password across multiple web sites.
This is the second security breach to hit the domain community over the past month. Last month limited information from 1,000 accounts at GoDaddy was compromised.
If a U.S. business lets confidential data released due to their negligence, they are
liable for damages.
What about these companies?
Kia Foster says
Not happy at all. NameDrive should have been
much more upfront than they were. Also GoDaddy were not upfront. These companies are much much too lax.
First off, why did NameDrive store passwords in plain-text.
The hackers could’ve stole the information, but if the passwords were AT LEAST encrypted, they would have a harder time.
If they were hashed, the data would’ve been at least worthless. But stored in plain text? Wow.
Peter Moulton says
Godaddy.com was hacked and domains from one account are moved to another account. On Friday May 22, 2009 I got a message that there were changes to my account with nine domains of clients. I immediately responded telling Godaddy.com that I had not made any changes. After hours on the phone and messages back and forth it is four day later and they still have not restored the domains.