DomainTools

Yesterday DomainTools experienced a high-volume user email harvesting campaign, which abused a flaw in our individual membership email update processes. To the best of our knowledge, no DomainTools customer login and password combinations were compromised by this scripting effort. However, the campaign appears to have correctly matched a few hundred current or historic DomainTools account email addresses.

We encourage DomainTools account holders to change their passwords as a precautionary security measure. From our investigation it appears the actor used email addresses from prior well-known breaches and ran those against our email update process. This campaign resulted in the DomainTools website confirming the existence of a limited number of user email addresses in our membership system. From there, the attacker could conceivably attempt login/password combinations sourced from those prior data dumps such as LinkedIn or Dropbox. These large-scale data breaches can be researched at discovery sites such as Have I Been Pwned.

We want to apologize to our account holders for the inconvenience this may cause. The security of our users is paramount and despite what initially seems like very limited exposure we wanted to notify all our current and prior active users of this situation. DomainTools has patched the system in question and implemented additional monitoring for any account abuse stemming from yesterday’s activity.

Sincerely,

DomainTools


Rbcafe

Rbcafe has provided software, shareware and freeware for Mac OS X since 2004. Since 2010, Rbcafe has distributed software on the Mac App Store.
