

Massive Moniker.com Breach, Valuable Domains Stolen - yofie
http://dotweekly.com/massive-moniker-com-breach-valuable-domains-stolen/

======
srcmap
Up voting this to keep PR pressure on Moniker and other domain registry
companies.

Domain xfer should be completely traceable and reversible. Love to heard the
follow on stories on this.

~~~
xh208
If anyone is looking for alternatives,
[https://www.domcomp.com](https://www.domcomp.com) is a good resource.

------
tcoppi
I have a Moniker account with one domain and the access log shows an access on
Sep 26 from 88.150.178.59 as well. The email I got yesterday with PLAINTEXT
passwords was extremely strange and prompted me to start shopping around for
another domain provider, this just makes me want to get it done today.

~~~
scottlinux
I too have this IP in my account login history. As well as others since July
from other places globally.

This appears it was not brute force attempts, as the log would show failed
login attempts. They just logged right in, first try. Sounds like a web site
vulnerability.

------
mijale
These guys. Sigh. 88.150 logged right into my account and the account rep told
me that they had no limit to how many times someone can try and get in. It has
since been fixed. Also sending user names and passwords in plain text... c'mon
man! Moniker is in the midst of transitioning to new software since
acquisition and the renewals are faulty and security is lacking. Time to move
on.

------
christiansmith
If Moniker's customer service is any indication of the way their operations
are managed, this doesn't surprise me at all.

The company was an absolute nightmare to deal with when I was a customer.
Three years in a row they caused me enormous grief just trying to renew a .io
domain. For example, shutting it down and throwing away DNS records roughly
two weeks before the actual expiration with no warning. Their communication
about the special rules and requirements for .io was just horribly
inconsistent. At one point I had to complain to BBB just to get a response.
Took well over a week to get my email for that domain working again! And they
held the fix hostage demanding a ridiculous amount of money to bother making
it right.

Hopefully the new CEO has been able to get this kind of bs under control, but
in the mean time I moved all my domains to namecheap.com and now gandi.net and
it's been perfectly smooth sailing.

~~~
astrodust
Moniker should win an award for how obnoxiously user hostile their site is and
how completely ineffective their support channel is. It's like they went out
of their way to make it impossible to use, that their express business goal
was going out of business as rapidly as possible.

I had some luck dealing with Moniker over Twitter, but their email and site
form options produced _nothing_. It's absurd that you have to bitch about how
bad a company is in a tweet to get a response.

------
bhartzer
It's a shame, 10 years ago moniker was the most secure registrar. Apparently
not anymore.

------
astrong
Just requested my moniker.com password and they just went ahead and emailed it
to me in plain text without any sort of authenticating. Great security
features.

I also see the IP 88.150.178.59 in my logs. No missing names that I can see.

