The hacks just keep on coming: Domain name company Easily has been hacked, the company announced in an email to customers on Thursday morning.
It was “subjected to a targeted attack against our IT systems by an unknown third party,” it says. “A forensic investigation by independent experts has revealed that unauthorised access was gained to our internal systems. This included the placement of malware on those systems.”
A copy of the email was passed to Business Insider by a reader who was told their domains names were not accessed. “We have found no evidence that your account details, passwords or any personal information which could identify you was accessed,” the email they received reads.
The inference of this seems to be that the details of some other Easily customers have been accessed. In an FAQ accompanying the email, it says credit card details will not have been accessed in the breach, as “Easily is integrated with an outsourced payment provider.”
Easily has not yet responded to Business Insider’s requests for comment, and parent company NetNames was unable to immediately comment when reached by phone.
As it currently stands, we’re still light on details about how many Easily customers have been affected. It’s also not clear when the attack took place, how long it took Easily to detect it, the types of data accessed, and the nature and severity of the malware that was placed on Easily’s systems.
As soon as we have more details we’ll update this post, so check back regularly.
Easily has confirmed in response to a customer’s question that the email sent about the breach is genuine, but it does not appear to have made any public statement about the breach, more than three hours after the customer email was sent.
Another apparent customer reports on Twitter that its support email is responding in “bad English,” leading her to ask if it has “been hacked.”
Easily describes itself as “one of the UK’s largest domain name and web hosting companies” and offers a range of internet services, including email and web hosting, and domain name buying. According to its website, it has 100,000 customers in 150 countries, though it’s not clear what proportion of these were affected by the hack.
The company is owned by the NetNames Group, which also owns internet companies Ascio and Speednames. It’s not clear whether any of NetNames’ other properties were affected by the hack.
Here’s the full email sent to Business Insider by a reader:
Security Update (10th December 2015)
I am writing to inform you that Easily has been subjected to a targeted attack against our IT systems by an unknown third party. A forensic investigation by independent experts has revealed that unauthorised access was gained to our internal systems. This included the placement of malware on those systems.
We have taken action to isolate and remove the malware which was identified.
The investigation revealed that a list of domain names registered on behalf of our customers was accessed. However, none of the domain names that are registered to you were featured on the list that was accessed. We have found no evidence that your account details, passwords or any personal information which could identify you was accessed. However, as a precautionary measure, we recommend that you change the password which you use to log into easily.co.uk. We have provided details on how to do this in the Frequently Asked Questions below.
At Easily, we take the security of your information seriously and continue to prioritise and invest in our security systems. We regret any inconvenience caused to you by this incident.
The following FAQs provide further details. If you have any concerns, please do not hesitate to contact us via our Customer Support team at [email protected]
Chief Operating Officer