A story on Hacker News from earlier Tuesday mentions that a group of hackers, Hack The Planet (HTP), was able to hack into several domain name registrars late last year. The registrars were not specifically targeted; rather, they were hacked in order to take down the hosting of another hacker’s IRC channel.
Even though the registrars were not specific targets of the attack, HTP have posted a file called registrar-data.txt (not resolving now), which details some of the info accessed from the registrars.
The HTP5 zine (now apparently down, cached copy here) brags about the registrars being “owned”. Name.com, MelbourneIT, Moniker and Xinnet are mentioned: “Speaking of registrars, Xinnet, MelbourneIT, and Moniker – you’re all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P”
The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter. “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”
The info that was accessible from the hack into Name.com seems to include database access to a great amount of information. The registrar-data file lists countless databases including quickbooks, customer info, hosting accounts, etc.
The Moniker information that was published included several administrator accounts with user names and passwords. Some of the accounts included former employees of Moniker/Oversee. Moniker is no longer a company owned by Oversee so that information seems to be somewhat dated.
As these are claims by hackers that have yet to be verified by the registrars involved, DNN is making attempts to contact all registrars involved to find out what breaches of security occurred and what was done to fix these problems. To our knowledge no customer account information has been published publicly and there are no reports of domains stolen.
As reported by Michael Berkens’ The Domains, Name.com sent an email alerting their customers of the breach and asking them to change their passwords.