Customers of Sydney-based domain trader Netfleet may have had their personal details and encrypted credit cards compromised after hackers infiltrated the reseller’s database, CRN has learned.
Netfleet bills itself as Australia's largest and most active domain name trading website operated by “a small team of developers and domain enthusiasts”.
It admitted that hackers may have stolen customers' name, email and street addresses, phone numbers and encrypted credit card numbers with expiry dates.
"Whilst we believe no sensitive data such as credit card information was accessed by the intruder, there is a possibility that this is indeed the case and as such we felt it our duty to inform you,” the company wrote in an email to customers today. "Since learning of the intrusion, we have taken the affected systems offline and are taking steps to address the vulnerability that led to this incident.”
"I would like to stress that we are erring on the side of caution and, there is no need to be unduly alarmed as it is in fact only a very remote possibility that your details have been accessed."
The company is cooperating with the Australian Federal Police and the Computer Emergency Response Team (CERT) Australia to “undergo an exhaustive investigation in this matter”. Its website remained offline yesterday with a message noting “technical difficulties,” but has since begun normal operation.
Netfleet was formed in 2008 after au Domain Administration (auDA) changed its rules to allow registered Australian domains to be re-sold. It operates in a partnership with Netregistry and boasts to sell “exclusively the top level .au domain extension”.
A Netregistry spokesperson said the company was unaffected by the breach.