We would like to make you aware of a password reset vulnerability that was discovered on our site this morning. We discovered this vulnerability at 8am. Password reset was immediately disabled and 38 minutes later it was patched. The vulnerability affected less than 500 No-IP accounts, most of which were inactive accounts.
During this time, no passwords were ever exposed. As a precaution, we have disabled the passwords of all affected accounts. If you were affected by this event, you have already received an email with instructions on how to reset your password. No passwords were ever exposed during this time. No-IP password databases are all hashed, salted, and encrypted to ensure they are kept safe. (Please also note that no credit card information was exposed.)
At No-IP, we take these events seriously and are working with law enforcement. We just wanted to take this time to let you know that we screwed up. Although this issue only affected a small fraction of users, it still sucks and should never have happened. We are sorry for this, and we will do better in the future to keep our network and your information safe. If you are having issues with your account, please open a support ticket, or give us a call at +1 (775)853-1883. Our support team would be happy to assist you with any issues you are experiencing. In the mean time, please refer back to our blog for any updates concerning this event.
Thank you for your awesome support!