According to newly received information, a former employee of dotDB sent a message to the user database without authorization. However, this incident did not result in data leakage or a security issue since all user account information and passwords are stored securely and encrypted.



DotDB is an online tool found on dotDB.com that provides users with the ability to search through a vast database of domain names. Users can search for keywords, length, TLD, and other parameters, and the database includes all TLDs, gTLDs, and a large number of ccTLDs. It can be used to generate leads or determine the value of a domain based on the number of existing TLDs that match.

Recently, the site was down for several hours before notifying registered users to change their passwords. From a technical standpoint, it appeared that passwords were either lost or that someone gained access to the database. While it is unknown whether that data was encrypted or not, it is always advisable to reset one's password regularly as a good security practice.

However, the site now displays a message that a "spammer" sent out notices that their services are being terminated. The spammer attempted to pass off as dotDB, and it is clear that they were able to get hold of a valid database of registered users at dotDB. This raises concern about what additional data was leaked, particularly for paid accounts.

Furthermore, it seems that the spammer sent out an email to validate those emails, using an email bounce-catcher service that bounced back any invalid email. Thus, it is crucial to change your password at dotDB immediately and avoid using the same password across various services.