Yesterday DomainTools experienced a high-volume user email harvesting campaign that abused a flaw in our individual membership email update processes. To the best of our knowledge, no DomainTools customer login and password combinations were compromised by this scripting effort. However, the campaign appears to have correctly matched a few hundred current or historic DomainTools account email addresses.
We encourage DomainTools account holders to change their passwords as a precautionary security measure. From our investigation, it appears the actor used email addresses from prior well-known breaches and ran those against our email update process. This campaign resulted in the DomainTools website confirming the existence of a limited number of user email addresses in our membership system. From there, the attacker could conceivably attempt login/password combinations sourced from those prior data dumps, such as LinkedIn or Dropbox. These large-scale data breaches can be researched at discovery sites such as Have I Been Pwned.
We want to apologize to our account holders for the inconvenience this may cause. The security of our users is paramount, and despite what initially seems like very limited exposure, we wanted to notify all our current and prior active users of this situation. DomainTools has patched the system in question and implemented additional monitoring for any account abuse stemming from yesterday’s activity.
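
An email update form that answers differently for addresses already tied to an account confirms which addresses are members, which is the outcome described above. The following is an added illustration of that weakness beside a hardened handler, not DomainTools' code or its actual fix; the function names, in-memory account store, reply strings and throttle limits are all assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: addresses that already belong to accounts.
ACCOUNTS = {"alice@example.com": "u1", "bob@example.com": "u2"}
OUTBOX = []                      # stands in for the outbound mail queue
_attempts = defaultdict(deque)   # client id -> timestamps of recent requests
WINDOW_SECONDS, MAX_ATTEMPTS = 3600, 5   # assumed throttle limits

GENERIC = "If that address can be used, a confirmation link has been sent to it."
THROTTLED = "Too many requests. Try again later."

def vulnerable_update(user_id, new_email):
    """Weak form: the reply reveals whether new_email is already registered."""
    if new_email.strip().lower() in ACCOUNTS:
        return "That email address is already in use."
    return "Confirmation sent."

def throttled(client_id, now):
    """Sliding-window limit on email update requests per client."""
    q = _attempts[client_id]
    while q and now - q[0] > WINDOW_SECONDS:
        q.popleft()
    q.append(now)
    return len(q) > MAX_ATTEMPTS

def hardened_update(user_id, new_email, client_id, now=None):
    """Hardened form: the visible reply never depends on account existence."""
    now = time.time() if now is None else now
    if throttled(client_id, now):
        return THROTTLED          # depends only on request volume
    email = new_email.strip().lower()
    owner = ACCOUNTS.get(email)
    if owner is None:
        # Free address: the change completes only via the emailed link.
        OUTBOX.append((email, "confirm-change", user_id))
    elif owner != user_id:
        # Taken address: notify its real owner out of band instead.
        OUTBOX.append((email, "notice-address-requested", owner))
    return GENERIC
```

Repeated throttle hits per client are also a natural signal to feed into account abuse monitoring.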