UPDATED MAY 2020
Registrar Security Breach
Before you worry, we want to ensure you 101domain was not affected by the breach. We want to thank our awesome customers for trusting your most valuable digital assets with us – we know it’s an important decision!
If you didn’t hear about hackers breaching some of the web’s most largest domain registrars, and now, GoDaddy’s confirmed data breach, basically what happened was that a third-party gained unauthorized access to private customer account information. As a business or website owner, you can imagine how worrisome this is.
According to the State of California Department of Justice, the GoDaddy breach occurred on October 19, 2019. Bleeping Computer broke the news, reporting that GoDaddy customers were informed that their web hosting account credentials had been compromised by an “unauthorized individual” who had gained access to login credentials.
Protect Yourself in the Case of a Security Breach
Trust is everything in business. The best domain registrar for you will have the tools you need to work efficiently and securely. We want you to feel confident when you are working with us and know that you are benefiting from all of the advanced security features offered in your 101domain account.
See how 101domain stacks up against the top registrars affected by the security breach:
7 Security Breach Features Every Business Should Have In Place
We pride ourselves on our stellar security at 101domain, but to ensure something like this doesn’t happen to you, we recommend logging into your account and enabling the following security features on your end.
1. Two-Factor Authentication
I think we all understand the concept of two-factor authentication by now. In addition to your standard username and password information, you are required to provide a temporary and dynamic security code when two factor verification is enabled. Without the code, your account cannot be accessed and can avert disaster in the case of a compromised password or other security breach.
2. Domain Update Lock
Domain update lock also know as registrar lock or domain transfer lock, prevents unauthorized changes. When domain update lock is enabled, your domain name cannot be updated or transferred without you first unlocking your domain from within your account. Your domain can still be accessed in your account and renewed when domain update lock is enabled. This features will not keep you completely safe in the event of a security breach, but it will slow down the hacker.
3. Registry Lock
Registry lock takes things a step further and requires authorization from multiple parties for changes to be made. When registry lock is activated, an authorized account manager at 101domain must manually submit a request to the registry, who then verifies the request through a phone call which requires a secret passphrase. Sounds like a spy movie, but no – it’s just your brand protection team at 101domain at work!
In the case of a security breach, registry lock will keep your most important digital assets protected. Not all domain extensions offer registry lock, and not many registrars besides 101domain offers this advanced security feature, so it is a good idea to check if your registrar does.
DNS security extensions (DNSSEC) makes DNS queries unspoofable. DNSSEC provides a method that allows resolvers to affirm that the responses they received have been unaltered, creating a DNS lookup chain of trust. Without this mechanism, DNS queries could have been altered in transit. For example, when you enter the URL for your online banking system, it’s good to know the IP address for your bank portal is legit. Without this verification you could be entering the key to your life’s savings into a hijacked system.
It may be easier for hackers to exploit the DNS operator or registrar management platform to manipulate your domains and hijack them, but having DNSSEC enabled greatly reduces the number of victims in a security breach like this. Today, it is a unwritten requirement that all mission-critical domains be DNSSEC-signed.
Secure Web Accelerator
Secure Web Accelerator powered by Cloudflare with DNSSEC adds a layer of authentication on top of your DNS to improve your site’s security, speed, and reliability starting a less than $1/month.
5. IP Lock and Logging
If your company is based in San Diego and you see someone logging into your registrar account from Russia, that’s probably not a good sign. Having the ability to limit your logins, restrict the number of IP addresses that can be used to log in, and monitor your account activity with detailed change logs in your 101domain account significantly increases your security.
Ideally, you want all logins to originate from inside your organization. However, if you work with remote employees or outside web developers, you can use a VPN or other security best practices to avoid a security breach.
6. Multi-User Accounts
Not all registrars offer this feature but it is one that was highly requested from our customers before we implemented it. If you have multiple employees or outside contractors that use your account, we highly suggest created users for each person. The multi-user feature is role-based meaning each account is customized to the work that individual does, and the settings and services they need access to. This helps you and your team collaborate more efficiently while still maintaining the highest level of security.
7. Private Registration
Every domain owner is required to have accurate contact information, if you do not supply accurate information to your registrar your domain could be suspended. Depending on what domain you have, this information is sometimes shared on the public WHOIS database. Domain privacy protection is a service that shields your information from being published to the WHOIS.
With private registration, we shield our customer’s personally identifiable information and display the information of our private domain registration service, instead. This keeps your identity and private data hidden, while you remain in full control of your domain names as the sole owner. You can add private registration to any of your domains at any time in your account.