In an email to customers sent today, Enom CEO Taryn Naidu wrote that hackers hijacked the DNS traffic of four domains managed by Enom.
We’ve reached out to Enom to find out which sites were attacked. The New York Times reported on Tuesday that The Federal Reserve Bank of St. Louis, which uses Enom as its domain name registrar, suffered a DNS attack.
Naidu, also the CEO of Rightside, noted that “after exhaustive analysis, with the exception of the DNS of the domains specifically targeted, we do not have any evidence or reason to believe that these malicious actors accessed any customer accounts, customer personal information, or any of Enom’s secured and encrypted data.”
The full email from Naidu is below:
I want to inform you that Enom recently became the subject of what appears to be a very sophisticated attack by a group that targets large internet infrastructure companies. Within hours of this attack, we were in contact with federal law enforcement and the affected parties. This attack hijacked the DNS traffic of 4 domains for a very short period of time before we mitigated the situation.
You have not been impacted by this incident and you are not required to take any action to ensure your future security. However, in an effort to continue to strive for transparency and best in class services, I wanted to inform you of this unfortunate situation.
To be clear, no domain names were stolen, and after exhaustive analysis, with the exception of the DNS of the domains specifically targeted, we do not have any evidence or reason to believe that these malicious actors accessed any customer accounts, customer personal information, or any of Enom’s secured and encrypted data. Your security is a leading priority at Enom and we continue to work both with federal law enforcement and industry leading security forensic companies to protect your online presence.
I know you trust Enom with your domain names and services and we take this responsibility very seriously. We appreciate your business and you have our commitment to continue to do what it takes to protect your assets.
Here’s a statement from Enom:
This attack hijacked the DNS traffic of four domains for a very short period of time before the situation was mitigated. Within hours of the attack, we began working with federal law enforcement and the affected parties were notified. For privacy and confidentiality reasons, as well as ongoing federal law enforcement engagement, we are not discussing what domains were affected.
Editor’s note: This story was updated to reflect that four large Internet infrastructure companies were attacked.