Melbourne IT the weak link as Twitter and NY Times domain names compromised

Two big sites have their domains compromised — and both use the same domain name registrar.

Twitter and the New York Times have apparently had their domain names compromised, and the two companies have one thing in common: they both use MelbourneIT as their domain name registrar.

As of right now, the New York Times whois record reads:

newyorktimes

Twitter’s whois record seems to be fine when I look it up on Melbourne IT. As the domain registrar for the domain, MelbourneIT’s whois is the most up-to-date.

However, the DNS was allegedly compromised earlier today. If that’s the case, it was quickly fixed.

There’s also chatter that Huffington Post’s UK site had its domain name compromised. I can’t confirm this immediately, but it also uses Melbourne IT for its domain registration.

It baffles me that large sites like this can be put into a position where their domain names can be altered. I sure hope both of these companies have been offered two factor authentication for their registrar account — and are using it.

Comments

  1. says

    The registry WHOIS at Internic.net shows that Twitter.com is on VeriSign-lock (e.g. Status: serverUpdateProhibited), with a last updated date in April 2013. So, even if the registrar WHOIS was compromised, it doesn’t appear that the nameservers were ever changed (when a domain is under VeriSign-lock, it requires human intervention to unlock).

    The NYTimes.com WHOIS at Internic.net does show it was updated today, though (August 27th), and is now on VeriSign lock. The WHOIS history at DomainTools doesn’t show the historical registry WHOIS, though (to know whether it was on VeriSign lock prior to today).

  2. says

    George we both know that registrar lock means nothing in the real world. I’m betting that SEA now has control of melbourneit.com and with it any domain that is in their system. Actually based on their recent twitter post they are currently logged into Twitter’s account at melbourneit.com.

Leave a Reply