The email that Name.com has been sending is real and all name.com customers should change their password. Hackers aimed at one of name.com’s large commercial clients have caused the registrar to send emails with a link to change the login password.
Name.com has been giving updates through their twitter and facebook accounts:
“The email you received about the password change is from us and is valid. We had some hackers go after one of our large commercial clients, and we want to take all the precautions possible. In the email (which if you haven’t received you should soon) there is a direct and unique link to change your password. Thank YOU for choosing name.com! As you know we’re always on Facebook and Twitter, so can communicate here, and for some questions we’ll direct you to firstname.lastname@example.org. Any other support questions you can direct to email@example.com. Again, thank you.”
Here is the email message in case you haven’t received it yet:
We are writing to inform you of a security measure we have taken to protect the integrity of the domain names and information associated with your account.
Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.
Name.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don’t believe that your credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that your data has been used for fraudulent activities.
As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Name.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.
Please click the link below to reset your password:
We take this matter very seriously. We’ve already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.
We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email firstname.lastname@example.org. We’ll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.
The Name.com Team