**Hackers Break in to Prominent Domain Registrars, Moniker, Melbourne IT, Name.com and Xinnet**
A story on Hacker News from earlier Tuesday mentions that a group of hackers, Hack The Planet (HTP), was able to hack into several domain name registrars late last year. The registrars were not specifically targeted; rather, they were hacked in order to take down the hosting of another hacker’s IRC channel.
Even though the registrars were not specific targets of the attack, HTP have posted a file called registrar-data.txt (not resolving now) which details some of the info accessed from the registrars.
The HTP5 zine (now apparently down, cached copy here) brags about the registrars being “owned”. Name.com, MelbourneIT, Moniker and Xinnet are mentioned: “Speaking of registrars, Xinnet, MelbourneIT, and Moniker – you’re all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P”
The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter. “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”
The info that was accessible from the hack into Name.com seems to include database access to a great amount of information. The registrar-data file lists countless databases including quickbooks, customer info, hosting accounts, etc.
The Moniker information that was published included several administrator accounts with user names and passwords. Some of the accounts included former employees of Moniker/Oversee. Moniker is no longer a company owned by Oversee so that information seems to be somewhat dated.
As these are claims by hackers that have yet to be verified by the registrars involved, DNN is making attempts to contact all registrars involved to find out what breaches of security occurred and what was done to fix these problems. To our knowledge no customer account information has been published publicly and there are no reports of domains stolen.
Also, a friend of mine received this e-mail from Domainsite.com:
"Dear [Customer Name],
We are writing to inform you of a security measure we have taken to protect the integrity of the domain names and information associated with your account.
Domainsite.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals. It appears that the security breach was motivated by an attempt to gain information on a single, large commercial account at Domainsite.com.
Domainsite.com stores your credit card information using strong encryption and the private keys required to access that information are stored physically in a separate remote location that was not compromised. Therefore, we don't believe that any credit card information was accessed in a usable format. Additionally, your EPP codes (required for domain transfers) were unaffected as they are also stored separately. We have no evidence to suggest that any data has been used for fraudulent activities.
As a response to these developments, and as a precautionary measure, we are requiring that all customers reset their passwords before logging in. If you use your previous Domainsite.com password in other online systems, we also strongly recommend that you change your password in each of those systems as well.
We take this matter very seriously. We've already implemented additional security measures and will continue to work diligently to protect the safety and security of your personal information.
We sincerely apologize for the inconvenience. If you need any additional assistance or have any questions please email customercare@domainsite.com. We'll continue to be as open and honest with you as possible as additional important information becomes available, so keep your eye out for a blog post or additional emails.
Thanks,
The Domainsite.com Team
www.domainsite.com"