On monday we announced the attempted data breach that took place on October 11th.
We reiterate that no customer passwords or domain auth codes were compromised and that no unauthorized modifications to any domains or DNS settings occurred.
Our forensics have uncovered the possibility that some member email addresses were exposed when an event notification log was briefly readable during the attempted breach. No passwords or other sensitive data are logged to these files, only email addresses for system events such as the transmission of renewal notices, logins and WDRP (whois data reminder) notices.
We are currently emailing affected members to be on their guard for any suspicious email notices or phishing attempts.
We apologize for any alarm or inconvenience this is causing, rest assured, your data, your domains and your DNS is safe and we continue to move ahead with further security enhancements to stay ahead of the next threat.
I guess that means whoever got hold of the log can figure out which email is associated with a domain?
Hi Dave,
I’m afraid that is correct in some cases. This did not affect all users, and those affected have been contacted.
Regards
Arnon