I use Hover to handle all of my domain name registrations. Yesterday, I received an e-mail from the company asking me to reset my password. From that e-mail:
We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the ‘I forgot my password’ option on the sign in page to change your password.
We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution.
We apologize for the inconvenience.
I’m never surprised to receive notices like this. It seems like we’re being asked to deal with security breaches in our online accounts on a daily basis these days. But I haven’t been able to find any further information online as to what exactly happened at Hover. The company didn’t post anything about the breach on its blog and none of the usual tech-news outlets have mentioned it. I understand that this isn’t exactly the kind of thing Hover would want to publicize. But the company probably has many customers who’ll never see the notice I received, just due to the nature of e-mail and how people use it.
Regardless, I did change my Hover password today without incident. If you’re also a Hover customer, be sure to create a new password for yourself as well.