Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The Australian Federal Police is investigating a security breach at Australian registrar Bottle Domains that may have exposed an unknown number of account and domain name passwords.
Several calls placed by iTnews to Bottle today were not returned.
But in a letter issued to customers today, Bottle said that "a number" of its accounts had been targeted and that it had "updated" both the account and domain name passwords for its customer base "as a precautionary measure".
"Whilst strict security is in place, we have taken further measures to enhance and protect your security, including human verification of important registry updates," Andrew Steven, general manager at Bottle Domains, said in the letter.
"We are working in conjunction with the Australian Domain Administrator, relevant authorities, and independent security experts to review and consider even further measures to protect your important data".
The Australian Domain Administrator, auDA, has confirmed the breach took place.
auDA chief Chris Disspain said that Bottle had been instructed to change passwords and conduct an independent security audit of its operating systems.
"auDA is working with Bottle Domains to manage any security risks arising from the incident, and has today sent email notification to customers of Bottle Domains," Disspain said.
"Whilst the AFP investigation is ongoing, it is inappropriate for auDA to make any further comment. However, auDA will take further action as necessary when the investigation is completed."
Domain Central is also understood to have reset passwords following the breach.
Calls to Domain Central's main customer support number went directly to voicemail.
But in a separate email to customers, the company's customer service team said it had "no indication" of any accounts being directly affected by the breach.
"We have been made aware of a security attack on another Domain Registrar owned and operated by Domain Central¹s parent company, and although we have no indication that any Domain Central accounts are affected, and note that Domain Central is on an independent platform to this Registrar, we feel that as a matter of prudency, greater security measures are justified," the email said.
"Over the near future Domain Central will be introducing new account features which improve security and awareness of changes to your services, in our continuing effort to improve features and the security of our customer¹s critical services."
More to come
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.