Daily Domainer

Sedo just sent out the following security alert:

We have been informed that due to a security problem at one of our competitors a list of their customer data including plaintext passwords is currently circulating on the web including relevant hacker forums.

Our Security and Compliance Team has found several of our own customers matching the publicly available list. Due to the seriousness of this matter combined with the possibility that you might be using the same login data/password at more than one parking company, we strongly suggest you to change your password at Sedo.

Sedo uses cryptographically unbreakable ciphertext for password checks and does not store your password in plaintext. This, and a variety of other security measures, ensures that your Sedo account is always safe from third parties.

We generally recommend to always use different login IDs for different sites and never hand out login IDs to any third party.

Should you have any further questions or needs, your dedicated account manager is looking forward to help.

Kind regards,

Your Sedo Security and Compliance Team

They are referring to NameDrive, which, as Domain Name Wire reported yesterday, had less than 1% of their client accounts hacked recently.

Many domainers use the same passwords at different sites, including registrars, parking companies, forums and email providers. If just one of these accounts gets hacked, all your other accounts are at risk if the password is the same! This is especially true if a site stores your passwords in plaintext. However, depending on the quality of a password, hackers might be able to recover it even if it is encrypted.

Sedo has had its share of security challenges in the past, so it is very nice to see that they are alerting their customers to this common risk.