Website domain name registrar Hover has emailed users warning of possible "unauthorised access" to one of its systems, and told them that they will not be able to log into the service until they reset their passwords.
In short - Hover, which is part of the Tucows empire, is worried that bad guys might have accessed account information.
Here is the email Hover sent out:
We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the “I forgot my password” option on the sign in page to change your password.
We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution.
There are no more clues that I could find on Hover's website. But if you visit its homepage you will find a link inviting you to reset your password if you have problems logging in.
The dearth of information leaves a vacuum that observers will no doubt fill with their own guesswork.
- Did a Hover employee have their account hacked, giving a third party access to the user database? We don't know.
- Did Hover identify suspicious activity on its servers? We don't know.
- If there was unauthorised access to one of Hover's systems, what kind of data might have been exposed? Email addresses, DNS records, passwords, payment information? We don't know.
- How many Hover users might be affected? We don't know.
Frankly, I think Hover would do themselves a favour by being a little more transparent about what is going on - even if they don't have all the answers yet.
One thing I would suggest in the meantime, however, is that if you were using the same password on other websites as you were using on Hover, you would be wise to change it. Just for safety's sake.
You should always use different passwords for different sites - because if one gets hacked, you don't want to experience the domino effect of your other online accounts falling at the hands of hackers.
Oh, and if you have a Hover account, it's probably a good idea - once you have reset your password - to enable two-factor authentication as well.