Wednesday DNN ran an article about a purported hack of several domain name registrars by HTP (Hack the Planet).  While HTP claimed that the hosting company Linode.com was the intended target, the group also claimed they were able to hack in to Melbourne IT, Name.com, Moniker and Xinnet and provided “evidence” of this on their HTP5 zine in a file called registrar-data.txt .

Linode.com acknowledged the hack in a blog post.

Name.com has not responded specifically to the claims made by HTP, but the company sent out an email on the same day of our story alerting customers to change their passwords.

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Moniker.com representatives sent DNN a statement today about the claims made by HTP.  As we had mentioned in the earlier article, the information published (which we are not reprinting for obvious reasons) contained a handful of user names and passwords for administrative personnel with email addresses using @oversee.net.  Moniker is no longer owned by Oversee and some of the employees on that list are no longer with Moniker or Oversee for that matter. The information seemed dated at best.

Moniker’s letter to DNN stated :

“In regards to the alleged attack, our investigation has revealed the following facts.

-The published file does not contain any access or information related to or about Moniker customers, their accounts or their domains.

-The information was also not accessed through the Moniker registrar platform.

-The information included in the file contained access to a discontinued standalone content only site intended for public viewing.

We take any security questions extremely seriously and felt it important to provide a detailed response.”

From what DNN saw in the HTP published files, there did not appear to be any customer user names or passwords from any of the registrars mentioned including Melbourne IT, Name.com, Moniker.com or Xinnet.  (In other words, your log-in information isn’t published somewhere online for everyone to grab.)  The published file seems to be more of a “look what we saw” snapshot.

A story on Hacker News from earlier Tuesday  mentions that a group of hackers , Hack The Planet (HTP), was able to hack in to several domain name registrars late last year . The registrars were not  specifically targeted, rather they were hacked in order to take down the hosting of another hacker’s IRC channel.

Even though the registrars were not specific targets of the attack, HTP have posted a file called registrar-data.txt (not resolving now which details some of the info accessed from the registrars.

The HTP5 zine (now apparently down, cached copy here) brags about the registrars being “owned”. Name.com, MelbourneIT, Moniker and Xinnet are mentioned: Speaking of registrars, Xinnet, MelbourneIT, and Moniker – you’re all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P

The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter.   “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”

The info that was accessible from the hack in to Name.com seems to include data base access to a great amount of information.  The registrar-data file lists countless databases including quickbooks, customer info, hosting accounts, etc.

The Moniker information that was published included several administrator accounts with user names and passwords. Some of the accounts included former employees of Moniker/Oversee. Moniker is no longer a company owned by Oversee so that information seems to be somewhat dated.

As these are claims by hackers that have yet to be verified by the registrars involved, DNN is making attempts to contact all registrars involved to find out what breaches of security occurred and what was done to fix these problems.  To our knowledge no customer account information has been published publicly and there are no reports of domains stolen.

As reported by Michael Berken’s The Domains, name.com sent an email alerting their customers of the breach asking them to change their passwords.

As reported by a number of sources, Melbourne IT (ASX:MLB) is selling it’s Digital Brand Management (DBS) to Corporation Services Company (CSC) for $152.5 million AUD. Melbourne IT had originally purchased the Digital Brand Management unit from VeriSign (NASDAQ: VRSN) for $50MM USD in 2008 and merged it with their existing corporate clients.

Demand Media just announced this morning that the are acquiring the retail registrar name.com. name.com was founded by Bill Mushkin in 2003. Demand Media also owns eNom and BulkRegistrar.com and is an active player in the new gTLD space. The acquisition will increase their reach into direct domain sales. name.com has over 1.5 million domain names under management.

Santa Monica, California – January 7, 2013 – Demand Media® (NYSE:  DMD), a leading digital media company, today announced the acquisition of Denver-based Name.com, a domain name registrar known for its strong retail footprint, award-winning customer service and creative spirit.  The acquisition is intended to expand Demand Media’s platform as it prepares for the historic release of new Top Level Domains (TLDs) this year.

Founded in 2003, Name.com customers have registered nearly 1.5 million domains, and use the company’s tools and services to grow their online presence.  As the second largest registrar in the world, Demand Media’s eNom subsidiary has over 13.5 million domain names on its platform registered by over 8,800 resellers and partners.  “Name.com will provide a direct channel for us to reach consumers and small businesses as they develop and manage their online identities,” said Richard Rosenblatt, chairman and CEO, Demand Media. “This becomes even more valuable as over one thousand new domain extensions are expected to become available for registration in the years ahead.”

In 2011, ICANN initiated the process for creating new domain extensions as a way to increase domain name choices for memorable or descriptive web addresses (for example, integritymortgagesolutions.com can become integrity.mortgage or integritymortgage.solutions) and help organize websites and information better (for example, gwathmey-siegel.com could end in a domain extension that maps to the nature of the business, such as .law, .architect or .cpa).  Last June, ICANN announced it had received 1,930 applications for new TLDs that were submitted by entrepreneurs, businesses, governments and communities around the world looking to operate a TLD registry of their own choosing.

Demand Media will retain the Denver-based team and the business will report to Taryn Naidu, executive vice president, Registrar Services.  “Our strategy is to provide an end-to-end solution for all things domains — whether you are looking to consume or distribute names and services,” said Naidu.  “Name.com brings innovation, creativity and a deep commitment to their customers – factors which we believe are essential in the environment of new gTLDs.”

[via Press Release]

Lots of buzz surrounded the end of the year Godaddy Groupon code deal.  For $25 the deal would get you $70 in credit on godaddy.  The credit applied to anything they sold, including premium domain listings as some reported.  Some domainers/couponers went all-in buying groupons from the 70 or so cities that had the coupons available.  Godaddy has plugged that leak and reversed all those extra credits. As my grandfather taught me, “if it’s too good to be true, then it probably is”.

I have to admit I jumped in to this and bought a few extra. I have thousands of names and using these on renewals was too good of a deal to pass up. I just checked my account after seeing Domain Shane’s post and all charges have been reversed.  As Shane put it “Godaddy Blows It Again“.   Oh well it was a nice idea for someone else to do right next time.  I bet Namecheap.com has some ideas up their sleeves already.

There’s been no news on what happened to the money I spent on those codes. I suspect I’ll see all the extra charges go back on to my credit card.

Anyone who bought extra credits and applied them to big purchases, please let us know what happened to those purchases.

Since many domain investors keep lists of domains ready to purchase when there are specials available, we figured we’d let you know about a current special that one of the early registrars, AIT Domains, is running for a limited time. You can register or transfer any COM, NET, ORG, INFO, BIZ or US domains for $2.99 including private registration and ICANN fee. No coupon code is needed.The price is only valid for the first year of domain registration and a limit of five domains per customer applies. Find out more about the special on their site.

DomainTools released an info graphic on whois privacylast week and we wanted to make sure that you didn’t miss it. DomainTools went through their data and identified 130 different privacy services across almost 225 million unique domain name Whois records. Almost 32 million domains were identified as private, or about 15% of the total population they reviewed.

Privacy Concentration for Registrars with between 100K and 1MM Domains Under Management:

1. Above.com PTY LTD  94%
2. April Sea Information Technology Corporation 93%
3. New Dream Network (DreamHost) LLC  91%
4. Brandon Gray Internet Services (NameJuice.com)  80%
5. Bargin Regisgtrar 76%
6. BigRock Solutions pvt LTD  47%
7. Cloud Group Limited 47%
8. Netart Registrar Sp. z.o.o. 47%
9. Net Earth One (Net Earth)  43%
10. FBS Inc.  43%

Privacy Concentration for Registrars with over 1MM Domains Under Management:

1. GMO Internet (Onamae.com)  51%
2. Fabulous.com pty LTD 48%
3. PDR (PublicDomainRegistry.com)  37%
4. DomainSite  33%
5. Moniker Online Services  26%
6. Register.com  25%
7. Enom  25%
8. Network Solutions  23%
9. Tucows  22%
10. GoDaddy  21%

Privacy Concentration for TLDs with over 1MM Domains in DNS:

1. INFO  28%
2. CN  20%*
3. ORG  20%
4. COM  19%
5. NET  19%
6. BIZ  18%
7. MOBI  17%
8. CO  17%
9. JP 12%
10. IN 1%

* Nearly all the ‘private’ domains in .CN are associated with one registrar and privacy provider, and there are indications of underlying domain tasting on .CN as well.  Absent this registrar, privacy on .CN is virtually nil.

Some TLDs that do not provide a public whois or only provide a limited public whois were excluded from the survey.

The French domain registrar Rapidomaine.fr. announced today that they obtained the Trusted Shops Trustmark certification.

Trusted Shops, leading service provider for secure online shopping in Europe, announces the certification of the site rapidomaine.fr:  legal compliance and refund guarantee secured.

In order to join the circle of e-commerce sites that have been certified by Trusted Shops, Rapidomaine has had to undergo a legal audit based on more than 70 quality criteria. Key areas of inspection include respect of consumers’ privacy, transparency in pricing and the conformity of the general terms and conditions with the law and the regulations of consumer associations.

“During the certification process, a legal expert guided us in rendering certain details of our site compliant. The legal audit revealed 14 criteria to be worked on out of fifty-six- that had already been fulfilled by our site,” highlights Alexandre Badelon, managing director of Rapidomaine.

“This trustmark attests to the fact that our general terms and conditions of sale, our product information and our other legal documents are in compliance with the law, which was already generally the case, but above all it shows that these elements form a coherent whole and function together in the interests of the customer,” he adds.

Collaborating with Trusted Shops and benefiting from its buyer protection allows online shops to offer their customers a secure environment.

“The Trusted Shops Trustmark is a display of trustworthiness that is indispensable for any e-commerce site that wants to show that it is reliable. Rapidomaine has fulfilled all of the quality criteria required to become certified. It is interesting to note that Rapidomaine is the first French domain name registrar and site host to be certified,” explains David Chau, director for France at Trusted Shops.

Rapidomaine is a French domain name registrar that was founded in 2002. The company manages more than 2500 active customers, 7000 domain names and hosts 1500 sites. The company became part of the SedoMLS network in July 2012.

Trusted Shops was founded in 1999 and has accredited over 10,000 retailers. Trusted Shops offers a comprehensive service for the benefit of both – shop operator and consumer, which encompasses Customer Rating, Legal Compliance and Money-back guarantee. Their clients include major brands such as Microsoft Store, Sarenza and Zalando.

According to a survey by German eCommerce aggregator Schottenland.de in 2011, more than 60% of users pay attention to quality labels when shopping online. Do you recognize the Trusted Shops brand or other trust marks? Do you think it will help Rapidomain sell better?

Member of Anonymous claims responsibility

As reported by a number of sources and experienced by ourselves, Go Daddy appears to be experiencing a Denial of Service Attack on their nameservers, taking down customers websites as well. TechCrunch reported on the issue and Anonymous Own3r has claimed responsibility. Go Daddy has acknowledged that they know that there is a problem and that they are working on it.

A few days ago the registrar EnCirca released new feeds (available via RSS and HTML) on their site that list new, expiring and auctioned domains in the .Travel and .PRO TLDs. According to EnCirca, News.pro recently sold for $3,600.00; credit.pro sold for $2,400.00 and irki.com sold for $1,200.00.

[via EnCirca]