Network Solutions, a Web.com company, along with Register.com, has suffered a data breach (they got hacked) in late August 2019. They did not discover this data breach until October 16, 2019. They’re just notifying customers on November 1, 2019 about the data breach. Shouldn’t they have contacted their customers to change their passwords shortly after they discovered it on October 16, 2019?
Go Change Your Password
I have already changed my password over at Register.com since I do have one remaining domain name registered there, and have not had the time to move it to another domain name registrar. I currently have no domain names registered at Network Solutions since I moved them all away from NetSol in the past year. By the way, this isn’t the first time that that I’ve written about issues with Network Solutions, the first domain name registrar.
Network Solutions Notifies Customers
Network Solutions has begun to notify their customers, asking them to change their password. Here’s the email that is going out to Network Solutions customers regarding the data breach:
“Important Security Information
November 1, 2019
What Happened?
On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.
Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. We have also reported the intrusion to federal authorities and are notifying affected customers.
Safeguarding our customers’ information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity. We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.
What Information Was Involved?
Our investigation indicates that account information for current and former Network Solutions customers may have been accessed. This information includes contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder. We encrypt credit card numbers and no credit card data was compromised as a result of this incident.
What Are We Doing?
Upon discovery, Network Solutions took immediate steps to stop the intrusion. We promptly engaged a leading independent cybersecurity firm to investigate and determine the scope of the incident. We notified the proper authorities and began working with federal law enforcement.
We are notifying affected customers through email and via our website, and as an additional precaution are requiring all users to reset their account passwords.
What You Can Do
We have taken additional steps to secure your account, and you will be required to reset your password the next time you log in to your Network Solutions account. As with any online service or platform, it is also good security practice to change your password often and use a unique password for each service.
For More Information
For more information visit notice.networksolutions.com or call 1-866-906-0477 or for international, call +1-570-708-8785.”
Password Security
Nowadays, we have to assume that at some point any of our passwords are going to be hacked or a data breach is going to occur. We can’t trust organizations, unfortunately, to stop all hacks and data breaches. But, we can be smart about it. For example, some companies, like Google, have advanced protection to protect your account(s). Google Advanced Protection is a great way to protect your Google Account, especially if you have that account connected to other things, like domain names (Google Domains).
What I recommend is that you don’t use the same user ID and password for every account–you can use the same email address, but I do recommend a randomly generated password for each account. I use a password manager to manage the other 800 accounts that I have online–sometimes multiple accounts with the same company or website. Here’s what I recommend:
- Use a password manager for your accounts.
- Don’t use the same password for every account.
- Use strong passwords, including at least 1 upper case letter, and number, and special symbols such as ! or ? or @
- Set up two-factor authentication on accounts that allow it.