Possible danger to infosec journalists and researchers

Oct 26, 2016 01:00 GMT

On Monday, DomainTools said it detected an attack against its user management system from an unknown attacker and advised users to change their passwords as a precaution.

DomainTools, a company that provides historical domain Whois information, is a favorite tool for infosec researchers who use it to gather information about threat actors, such as connections between current and past domain names, IP addresses where those domains were hosted, and email addresses used to register those domains.

The company said that a vulnerability in how its system handles user email update operations allowed an attacker to test random email addresses and see which of them were registered on the site.

Incident is a problem for security researchers

Because most of its clientele is performing research into cybercrime operations, DomainTools decided it was best to let customers know that somebody was trying to identify whether random addresses had been used to register accounts on the site, and therefore most likely belonged to security researchers.

Information like this could be valuable for spear-phishing campaigns, or for social engineering attacks.

Because of the large number of mega breaches, which in some cases exposed even plaintext passwords, an attacker could draw a possible connection between a researcher's email address, his username, past or present passwords, and even his real-world identity.

Many infosec researchers use aliases for their public persona instead of their real name, because they fear having their private life exposed online.

Attackers identified only a few hundred emails

DomainTools said it patched the flaw that allowed the hacker to enumerate emails for active customers and also advised customers to change their passwords, as a precaution. The advice should be taken into consideration, especially by users that reuse passwords.

The company said attackers had correctly matched only "a few hundred current or historic DomainTools account email addresses."
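The flaw described above is an account-enumeration oracle: an email-update response that differs depending on whether the address is already registered. The Python below is an added illustration, not DomainTools' code (the page does not show how the company implemented or fixed the feature); the class, function names, limit and sample addresses are all constructed. It contrasts the leaking pattern with a handler that returns one response for both cases, reports the outcome only by mail, and caps attempts per account.

```python
import secrets
from collections import defaultdict

# Constructed sample data: addresses already registered on a hypothetical site.
REGISTERED = {"alice@example.org", "bob@example.net"}
MAX_ATTEMPTS = 5  # assumed per-account cap on email-change requests
GENERIC = "If the address is available, a confirmation link has been sent to it."


def update_email_leaky(new_email):
    """Leaking pattern: status and message differ when the address is taken."""
    if new_email.strip().lower() in REGISTERED:
        return 409, "That email address is already in use."
    return 200, "Confirmation link sent."


class EmailChangeService:
    """Hardened pattern: identical response either way, outcome sent by mail."""

    def __init__(self, registered):
        self.registered = {e.lower() for e in registered}
        self.attempts = defaultdict(int)  # account_id -> requests made
        self.outbox = []                  # stands in for a real mail queue
        self.pending = {}                 # token -> (account_id, new_email)

    def request_change(self, account_id, new_email):
        # Throttle per account so bulk probing is cut off early.
        self.attempts[account_id] += 1
        if self.attempts[account_id] > MAX_ATTEMPTS:
            return 429, "Too many requests. Try again later."
        new_email = new_email.strip().lower()
        if new_email in self.registered:
            # Notify the real owner out of band; the requester learns nothing.
            self.outbox.append((new_email, "Someone tried to use your address."))
        else:
            token = secrets.token_urlsafe(32)
            self.pending[token] = (account_id, new_email)
            self.outbox.append((new_email, "Confirm change: " + token))
        # Both branches queue one mail and return the same status and body.
        return 202, GENERIC
```

The change only takes effect when the token mailed to the new address is redeemed, so uniqueness should be checked again at that confirmation step.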
