Attackers have breached Web.com and two leading domain name registrars that it controls, Register.com and NetworkSolutions.com, according to Krebs on Security. Web.com issued a security notice telling users that they will be required to reset their credentials the next time they sign in. Such breaches are particularly concerning, since domain name registrar customers control websites, and almost 8.7 million of them are enrolled with those firms, according to Krebs.
Web.com claimed that “a 3rd-party got unauthorized access to a restricted number of its computer networks in late August this year, and consequently, account data might have been used,” stating that “no credit card info was negotiated due to that incident.”
On the other hand, it claimed that contact info such as “address, name, email address, phone numbers, and data about the services that we provide to a specific account holder” was compromised. While Web.com asked users to reset their credentials, it claimed that “we encode account passwords and do not think this data is vulnerable as a specific outcome of this occasion.”
Such an attack may appear comparatively minor, but domain name registrars sell domain names and manage the records that map them to IP addresses. As such, they are an important cog in the web. If an attacker succeeds in altering a domain name's records, they can take control of an entire website.
For example, attackers once compromised a Brazilian bank’s domain name registrar and redirected customers to lookalike websites that stole their passwords and installed malware.
On a related note, many attackers do not touch web browsers beyond exploiting their vulnerabilities, but one group is going a step further. Kaspersky has detailed efforts by Turla, a Russian group, to fingerprint TLS-encrypted web traffic by modifying Firefox and Chrome. The group infects networks with a remote access Trojan.