Afternic just notified me of a breach

So, did anyone else get this notice?

Dear xxxxxxxxxxx ,

We want to make you aware of a security incident we recently identified.

On Thursday, February 12, a security researcher contacted us about a potential issue with a Web API. We immediately opened an investigation and found a misconfigured server accessible though the API. Using this API, the security researcher crafted a specific request that returned information from other customer accounts.

Through our audits, we identified this specific API call was run against a small segment of our customers’ accounts. Unfortunately, your information may have been viewed using this call, which includes your first name, last name, email address, physical address, telephone number, and your Afternic username. At no point was your password or credit card information at risk.

As soon as we identified the issue, we removed the server from rotation, securing our API infrastructure.

Please monitor for any suspicious communications that may come from third parties through the contact details that were on your Afternic account (e.g. email/telephone number).

We are very sorry this incident happened. Protecting the privacy of our customers is our top priority and we let you down in this instance. Our team is committed to preventing these types of incidents in the future and we’ll always be forthcoming in our communications with you.

If you have any questions, please email [email protected].

Best regards,
The Afternic Team

 

Whew...I thought it was something bad. <sarcasm>

According to Afternic, all they got was my legal name, email address, physical address and phone number.
At least they are sorry and they were forthcoming...10 days after the hack.

 

I just received that same email as well.

 

I just got the email as well. Maybe that's why I'm receiving more spam calls and emails than usual??

 

I didn't get that e-mail, so maybe they only sent the info to those actually affected?
Anyway the website looks ancient, so probably the backend is outdated too.

 

I did not get the email.

Brad

 

major kudos to them for being upfront and not waiting to announce things. This happens to companies of all sizes, the good news is domainers are more prepped for scammers than pretty much anyone else. We get targeted with schemes all the time.

 

New outbound: "Hello Real N. Ame, I got your email address though the Godaddy API. Let's meet today at your place to discuss some great domain alternatives I'd like to liquidate this week. Can I call you now?"

 

@Joe Styler was serious when he said "there is a lot going on at Afternic"... Shaking my head...

 

A new business emerges: dating site for domainers, thousands signed up from day one (without knowing).

"Meet hot domainers from your area."

 

May be an NP member @suitedbrand brought this to their attention on 11 Feb - see https://www.namepros.com/threads/pr...rt-problems-here.1006373/page-51#post-8159984
where @suitedbrand said this:

 

Afternic has a server?

 

Would that be namehos?

 

Yes and someone told them their servers look better dressed in breeches so full marks to them for trying:
https://en.wikipedia.org/wiki/Breeches

 

So funny, AfternicSucks dot com is forwarded to Afternic dot com. First time I have seen that. Usually companies buy and bury....

Not Afternic - they want the people who believe they suck to have a seamless gateway to their real site.

 

I also received the email.

 

Ditto.

 

Not yet received the email about the breach. When did you all receive the email?

 

Move from Afternic to DAN.com

 

55 minutes ago

 

Just a couple of mins before I made the first post.

 

I have not got the email yet...

 

Received similar mail 1 hour back.

 

Found the data leak by concidence when I was visiting one of my listings. There was a link to my profile that contained my username, even though I opted to hide it via the privacy settings.

So I looked closer, opened the network tab of my browser and was surprised to find the said API call that returned not only my username, but a lot of other personal and account related information too.

In order to validate the leak was not related to my account only, I visited a few listings of other sellers and was able to retrieve the same information about them.

I reported the issue and after @Paul Nicks read my message it was fixed pretty quickly.

Probably everyone received the email who had visitors who happened to use the "misconfigured server" on their listing pages because this triggered the API call in the background.

 

What about the bank details (payout details). All gone.