Enom a domain name registrar and web hosting company experienced a DNS redirection or DNS hijacking attack but assured their customers that there were no significant damage inflicted by the attackers. Enom also said that there were no evidence that the hackers accessed sensitive information from customer accounts.
Although Enom’s statements were conflicting because they first mentioned that that attack took hours but later on they mentioned that it took for a very short period of time.
I received and email about this incident entitled: “Important notice: account security update”
I want to inform you that Enom recently became the subject of what appears to be a very sophisticated attack by a group that targets large internet infrastructure companies. Within hours of this attack, we were in contact with federal law enforcement and the affected parties. This attack hijacked the DNS traffic of 4 domains for a very short period of time before we mitigated the situation.
You have not been impacted by this incident and you are not required to take any action to ensure your future security. However, in an effort to continue to strive for transparency and best in class services, I wanted to inform you of this unfortunate situation.
To be clear, no domain names were stolen, and after exhaustive analysis, with the exception of the DNS of the domains specifically targeted, we do not have any evidence or reason to believe that these malicious actors accessed any customer accounts, customer personal information, or any of Enom’s secured and encrypted data. Your security is a leading priority at Enom and we continue to work both with federal law enforcement and industry leading security forensic companies to protect your online presence.
I know you trust Enom with your domain names and services and we take this responsibility very seriously. We appreciate your business and you have our commitment to continue to do what it takes to protect your assets.