Company says it has no evidence that domain names were stolen.
Domain name registrar Moniker discovered suspicious activity on its network, and as a precaution is asking all account holders to reset their passwords today. The suspicious activity occurred yesterday.
There’s no notice on the site about the password change requirement, and if you try to log in you’ll just get a message that your password is invalid. However, the company sent an email to all account holders informing them of the issue.
The company states that it is unaware of any domains being lost or transferred out of Moniker by the perpetrators. There’s also no evidence that any confidential or credit card information has been compromised.
These types of issues are becoming commonplace, and it’s one more reason for domain registrars to add additional layers of protection, such as two-factor authentication, to accounts.
someone says
Oddly enough got same type of issue with my yahoo email account. Brut force attack attempts I suppose.
WQ says
I thought it was a fake email as it was sent from lt02.net
Cannot log into my account and no notice on site about needing to change a password.
Andrew Allemann says
@ WQ – interesting, I received several notices and one of them did say via lt02.net.
I think standard practice on emails like this is to mail merge in your name to the email so you know it’s legit.
Joe says
I was also thrown off by the spammy looking lt02.net. Anyhow, I am bloked out of my account for several hours now. The phones seem to be jammed.
Andrew Allemann says
There’s a notice on their site now, as well as the phone numbers to call if you need assistance.
Josh says
Did 2 this morning, very quick to answer the call and helpful….that was the strangest part lol
ChuckWagen says
Email with embedded link, bunch of goons.
Andrew Allemann says
@ ChuckWagen – best practice is to not include a link in the email. Trains customers not to click on links on emails from registrar, so cuts down on phishing.
ChuckWagen says
Moniker’s hold music is from Hell. This is such a major fail on their part. I never supplied any such answers to their bogus “security questions”.
Josh says
This is what I was asked.
1.Account #
2.My name
3.My email used for the account
4.Phone # tied to account
I phoned because I couldn’t remember one darn answer to any security questions. Which btw led to deep though, who in fact is my fav artist? I digress
He was able to rush the process and reset the option to reset my security questions manually. Sent me the link to it and baam, new question/answer and in! Took all of 15 minutes including my short wait time.
I would have expected a little more grilling, like when is the last time you logged in, how many names in the account roughly etc.
Dave Z says
Blogged about it, too. I wish they indicated in their email that users can choose from an account number, username, or email (instead of just the first option) to have their password reset.
No doubt their phone lines are jammed. Although there can be (?) security issues, I somewhat wonder if lending support via social media like Facebook and Twitter could’ve helped somehow.
ChuckWagen says
I should’ve been more clear, but that’s (embedded link) exactly what Moniker gives you once you use the reset pword link. I despise having to click on links within emails.
Andrew Allemann says
Ah, got it.