
05|10|2013 01:59 am EDT

Moniker.com and Name.com Respond to Hack Claims

by Adam Strong in Categories: Registrars


On Wednesday, DNN ran an article about a purported hack of several domain name registrars by HTP (Hack the Planet). While HTP claimed that the hosting company Linode.com was the intended target, the group also claimed they were able to hack into Melbourne IT, Name.com, Moniker and Xinnet, and provided “evidence” of this in their HTP5 zine in a file called registrar-data.txt.

Linode.com acknowledged the hack in a blog post.

Name.com has not responded specifically to the claims made by HTP, but the company sent out an email on the same day as our story alerting customers to change their passwords.

Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Name.com.

Moniker.com representatives sent DNN a statement today about the claims made by HTP.  As we had mentioned in the earlier article, the information published (which we are not reprinting for obvious reasons) contained a handful of user names and passwords for administrative personnel with email addresses using @oversee.net.  Moniker is no longer owned by Oversee and some of the employees on that list are no longer with Moniker or Oversee for that matter. The information seemed dated at best.

Moniker’s letter to DNN stated:

“In regards to the alleged attack, our investigation has revealed the following facts.

- The published file does not contain any access or information related to or about Moniker customers, their accounts or their domains.

- The information was also not accessed through the Moniker registrar platform.

- The information included in the file contained access to a discontinued standalone content only site intended for public viewing.

We take any security questions extremely seriously and felt it important to provide a detailed response.”

 

From what DNN saw in the HTP published files, there did not appear to be any customer user names or passwords from any of the registrars mentioned including Melbourne IT, Name.com, Moniker.com or Xinnet.  (In other words, your log-in information isn’t published somewhere online for everyone to grab.)  The published file seems to be more of a “look what we saw” snapshot.

05|08|2013 08:49 am EDT

Hackers Break in to Prominent Domain Registrars, Moniker, Melbourne IT, Name.com and Xinnet

by Adam Strong in Categories: Registrars


A story on Hacker News from earlier Tuesday mentions that a group of hackers, Hack The Planet (HTP), was able to hack into several domain name registrars late last year. The registrars were not specifically targeted; rather, they were hacked in order to take down the hosting of another hacker’s IRC channel.

Even though the registrars were not specific targets of the attack, HTP have posted a file called registrar-data.txt (not resolving now), which details some of the info accessed from the registrars.

The HTP5 zine (now apparently down, cached copy here) brags about the registrars being “owned”. Name.com, MelbourneIT, Moniker and Xinnet are mentioned: “Speaking of registrars, Xinnet, MelbourneIT, and Moniker – you’re all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P”

The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter.   “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”

The info that was accessible from the hack into Name.com seems to include database access to a great amount of information. The registrar-data file lists countless databases including quickbooks, customer info, hosting accounts, etc.

The Moniker information that was published included several administrator accounts with user names and passwords. Some of the accounts included former employees of Moniker/Oversee. Moniker is no longer a company owned by Oversee so that information seems to be somewhat dated.

As these are claims by hackers that have yet to be verified by the registrars involved, DNN is making attempts to contact all registrars involved to find out what breaches of security occurred and what was done to fix these problems.  To our knowledge no customer account information has been published publicly and there are no reports of domains stolen.

As reported by Michael Berkens’ The Domains, Name.com sent an email alerting its customers to the breach and asking them to change their passwords.