Bottle Domains customers caught in security scare

The Australian Federal Police is investigating a security breach at Australian registrar Bottle Domains that may have exposed an unknown number of account and domain name passwords.

Several calls placed by iTnews to Bottle today were not returned.

But in a letter issued to customers today, Bottle said that "a number" of its accounts had been targeted and that it had "updated" both the account and domain name passwords for its customer base "as a precautionary measure".

"Whilst strict security is in place, we have taken further measures to enhance and protect your security, including human verification of important registry updates," Andrew Steven, general manager at Bottle Domains, said in the letter.

"We are working in conjunction with the Australian Domain Administrator, relevant authorities, and independent security experts to review and consider even further measures to protect your important data".

The Australian Domain Administrator, auDA, has confirmed the breach took place.

auDA chief Chris Disspain said that Bottle had been instructed to change passwords and conduct an independent security audit of its operating systems.

"auDA is working with Bottle Domains to manage any security risks arising from the incident, and has today sent email notification to customers of Bottle Domains," Disspain said.

"Whilst the AFP investigation is ongoing, it is inappropriate for auDA to make any further comment. However, auDA will take further action as necessary when the investigation is completed."

Domain Central is also understood to have reset passwords following the breach.

Calls to Domain Central's main customer support number went directly to voicemail.

But in a separate email to customers, the company's customer service team said it had "no indication" of any accounts being directly affected by the breach.

"We have been made aware of a security attack on another Domain Registrar owned and operated by Domain Central¹s parent company, and although we have no indication that any Domain Central accounts are affected, and note that Domain Central is on an independent platform to this Registrar, we feel that as a matter of prudency, greater security measures are justified," the email said.

"Over the near future Domain Central will be introducing new account features which improve security and awareness of changes to your services, in our continuing effort to improve features and the security of our customer¹s critical services."

More to come