Sites belonging to Web.com Group Inc., including Network Solutions, have been compromised with potentially millions of customer records stolen.

The data breach was detected Oct. 16 and included customer information on Web.com, NetworkSolutions.com and Register.com. The data included names, addresses, phone numbers, email addresses and information about the services used by each user but did not include credit card data.

Whether password information was stolen not entirely clear with security researcher Brian Krebs saying that it’s possible that they were stolen, scrambled or otherwise, although Web.com itself says that it does not believe passwords were accessed.

Network Solutions, acquired by Web.com for $405 million in 2011, is best known as the world’s first domain registrar. According to data from DomainState, it remains the fifth most popular domain registrar in the world today. Web.com’s other sites, Web.com and Register.com, also offer domain registration services along with complementary services such as website hosting and design.

The company said that it had hired a cybersecurity firm to investigate and determine the scope of the incident, had notified law enforcement and was notifying customers affected by the data breach.

How the data breach took place was not disclosed by Web.com, although it did note that unauthorized access had first occurred in late August.

“Network Solutions’ data breach exposed account holders’ contact and service information, which is all that cybercriminals need to execute highly tailored, convincing phishing attacks and impersonation attempts,” Alexander García-Tobar, chief executive officer and co-founder of business email compromise firm Valimail Inc., told SiliconANGLE. “Phishing campaigns often follow hot on the heels of breaches like this, targeting the victims with fake security warnings that look like they came from the breached company.”

Image: Blogtrepreneur/Flickr