An error by domain registrar DiscountDomainRegistry.com could have led to compromised financial data and 1000s of domain name hijackings.
A bug on the registrar’s web site exposed financial and personal information of 1000s of customers. Depending on the information exposed, it’s possible that someone could have logged into user accounts and stolen valuable domain names.
It’s hard enough doing your part as a domain name owner to keep your domain names safe. But this incident shows that not everything is in your control – you’re depending on your domain registrar.
DiscountDomainRegistry.com does not believe the vulnerability was exploited. According to an article at ComputerWorld:
Erik Ekkelenkamp, a systems project engineer at Strongwood, was researching .eu domain names when he clicked a link within DiscountDomainRegistry’s site. The link led to an error involving execution rights on a MySQL directory. MySQL is a widely used open-source database program.
A script plus other programming usually unseen was visible that allowed for a connection to the database, which contained credit card numbers, usernames, passwords and other information, Vandendries said.
Alexander says
Enjoy your domain food 🙂 Thank you.
Another problem is registrars did not hold our domains during the grace period (it’s getting shorter). When you renew within 30 days after expiration, they may already have been taken by others. Sometimes they even process your renewals successfully (charge you) but the domains are not actually renewed. I guess that’s why the expired domains market is getting much stronger and we have to pay lots more to catch expired domains …