Moniker: Issues Statement On “Unauthorized Data Release” By Moniker Employee
Moniker has just released the following statement acknowledging an “unauthorized release of customer data” by a Moniker Employee:
“”Moniker has learned that one of its employees violated company policy by distributing customer data for a single domain name registration. The employee has been placed on administrative leave while the company further reviews the matter.
“”Only one employee and one customer registration were involved. However, unauthorized data access of any kind, no matter how large or small, is an issue taken very seriously by Moniker and by its parent company, Oversee.net, and is being addressed directly.”"
This appears to be related to the story Rick Schwartz hinted about yesterday and wrote about today on his blog.
Based on the information contained in Ricks post and the above statement, I think the employee should have been named, fired and Moniker should have immediately implemented a policy that would prevent any future “unauthorized data release” by denying access to such information.
If people place their names under privacy, sometimes paying extra for the privilege, they should receive privacy.
Domains under Privacy should only be disclosure as and if required by law, such as under a UDRP or court order.
Loading ...
Wait until employees participate in domain thefts, as an insider job.
The entire Oversee operation appears to be a sinking ship. Their internal corporate culture is a catastrophe. When the subordinates are out of control and jeopardizing your customer goodwill for their own personal motives (Nelson Brady, now this), that hints that the people at the top are seriously lacking in management skills.
I’m not jeopardizing my names with clowns like this.
I’ll start scaling out of Moniker over fy11 and into Fabulous.
And lets not forget the ‘founder factor’, with Monte leaving.
The writing’s on the wall here.
Well,
Another human sacrifice to save Corporate face …
When they threw Halverez (Nelson Brady) under the bus …
to save the other guilty clowns, guess who is still running the show!
Sure this is misuse of the data and the person should be fired immediately. Employees need access to sensitive information a lot of times to do their jobs. I would take this for what it more than likely is, a one time incident. They should fire the person, apologize, and move on. I’m not sure what else should be expected of them.
Here is a good word for Moniker: none of my domains
disappeared in a black hole of Registrar greed, or was held hostage
for outrageous reinstatement fee, like rel="nofollow">certain registrars practice, Jeff
Kupietzky personally answered some of my emails, and many staff are
known by name, and they’re pretty nice! Should a company look at an
employee’s history when determining discipline? What if an employee
has an outstanding record, and shows bad judgement one time? It’s
pretty bad, what that employee did, but privacy is only protective
until a UDPR is filed. Then the privacy info must be made public.
Leave the decision up to Moniker.
If a different group of Domainers use Peer-to-Peer DNS and do not use Registrars or a Registry, then they only have themselves to blame for releasing their personal information ?
Yet, Domainers seem to LOVE the ICANN system of Registrars (that sort of own your domains) and Registries (that sort of own your domains) ?
Realistically, Domainers have very little choice or chance to shape the existing “system”. Domainers choose to play in the flawed system and people see the price they pay here.
Some Domainers are of course their own Registrar, removing one layer of middle men from the system. That is rare, yet more secure and trusted.
As Peer-to-Peer Domains are incorporated into “the biggest platform known to man” it will be interesting to see how Registrars prove they “own” domains.
Was this statement sent out to all customers?
I never got an email.
@ Jacob – “Sure this is misuse of the data and the person should be fired immediately. Employees need access to sensitive information a lot of times to do their jobs. I would take this for what it more than likely is, a one time incident. They should fire the person, apologize, and move on. I’m not sure what else should be expected of them.”
If those steps had been taken immediately, then this wouldn’t be such an issue. The fact is, no-one would know about it if RS hadn’t brought it into the open – forcing Monikers hand. Remember, we are talking about Privacy ‘PROTECTION’ here. What’s occured is tantamount to theft.
I worked at AOL many years ago and there was a similar situation. The employee was immediately fired.
“Administrative Leave”?
Does Oversee.net really want another black mark by not taking action? Why exactly has Halvarez not been arrested? Will anyone ever be held accountable for their actions?
Brad
Fire the schmuck, he is a total phoney, as well.
Gnames
I got the notice to thedomains.com
Not sure the notice went out to any to any customers
It is stealing. They stole someone’s private information probably to sell to someone. Information that someone paid to keep private. I think it is not just a civil matter but a criminal action. They should be arrested and charged (as Halvarez certainly should have been).
But I’m sure they were born with that “theft gene” …it’s really not their fault. Where’s our compassion? Give me a friggin’ break!
This has evolved in to quite a “Who Did It ?” story.
Who Dat ?
Hello Mike,
The implications of this whole isolated event at Moniker are an industry wide problem. Wherever there is lots of cheese stored there are lots of rats after it. I will say this, that as a client of Moniker almost from inception, I feel it is still the best choice of any of them. To his credit Monte always followed up with me almost immediately on any security breach I may have thought happened.
To tell you the truth I got a little paranoid about security after he left. Lets hope Moniker learns from this lesson, and I am confident they will.
Gratefully, Jeff Schneider
This isn’t right at all. Why do I have to find out about this through TheDomains or Rick Schwartz?
It’s just another black mark.
Every industry has it’s dark side to beware of. I was an ppc affiliate manager for a large corp and seen so many similar security/privacy breach issues.
Gnames
I think I can say with some confidence that if not for the blogs you mentioned you may have never heard about this issue and there would never have been the statement issued by Moniker/Oversee
Checked to see if “Monte Cahn Sucks” is registered: YES.
MonteCahnSucks.com – regged at 1&1.
So can’t be it related to this domain. Plus Monte just left Moniker.
Then checked to see if “Patrick Ruddell” is registered: NO.
PatrickRuddellSucks.com is available as of this moment.
So can’t be it related to this domain.
Then checked to see if “Chef Patrick Sucks” is registered: YES.
ChefPatrickSucks.com was registered at MONIKER.
Registered recently too: October 2010.
Plus under Whois Privacy.
So is it related to this domain?
I hope Patrick’s not involved cause I respect the guy for what’s he’s accomplished, but if so, at least he has his new site http://ScienceFiction.com to fall back on.
If you permit it you promote it. This is a close 2nd behind theft, I am sure staff have been fired for regularly being 5 minutes late, which is worse?
Another scandal for Oversee/Moniker, not exactly what they need. They already have a tarnished reputation over the Halvarez scandal and how they handled it.
SnapNames.com was given warnings for years about the bidder “Halvarez” and always vouched that it was in fact a real bidder.
In fact when that news broke many people guessed the bidder before it was released.
There are threads on NP and DNF from early 2006 talking about the bidder Halvarez on Snap.
He is finally outed after years of fraud and what happens? Pretty much nothing. It was treated as a civil case when it was clearly criminal fraud.
I have domains @ Moniker, but things like this really make me question anything under the Oversee umbrella.
Brad
No Spam
Since you bought up Sciencefiction.com again, its interesting to note that as I did when I wrote about it there are other Oversee employees involved in that site.
http://www.thedomains.com/2010/12/23/techcrunch-covers-chef-patrick-his-a-of-sciencefiction-com/comment-page-1/
Goes to show that Quality Control is important in every industry, including domainin’.
- TBC
I started transferring all my domains (several hundred) as they came up for renewal from my principal registrar to Moniker. While I realize it might amount to a small amount of revenue for Moniker yearly and may be of no consequence to them, I have just kind of gotten my feet wet in this industry and plan on expanding both my repertoire and inventory.
It’s not scandals like this that concern me, but things like the fact that they don’t communicate with their customers which equals shitty customer service or support.
Case in point why did Thedomains get an e-mail about this and not other customers!!!? no offense to you Mike or your blog (just illustrating my point), but are you a more valued customer or deserve better or preferential treatment or privy to information that other domainers with Moniker accounts are not? If something dire should come of this as a consequence of this leaked information should not the guy with a few domains at registered at Moniker not be informed or entitled to know something about it or is this just information for the big privileged domainer.
Another example… whenever they run their monthly themed auctions and I have submitted domains for consideration, my e-mail might as well have disappeared into cyberspace because I never have gotten so much as a “thank you, for your submission” or a Dear John “your domain sucks” better luck next time or a return e-mail from them. ABSOLUTELY NOTHING! zero, zip, nada. No form of recognition or even acknowledgement that someone on their end received or saw my submission. Just left hanging in limbo. My point is that even if the domain was double hyphen, three word .info, and it was my only domain registered in their account, They need to learn to acknowledge and keep their customers informed.
Godaddy as bad a rap that it get’s could teach them a hellava a lot about customer service, appreciation and communication.
In retrospect, I think companies like Moniker and Sedo suffer from “To Big To Fail” Syndrome.
After continuous drop in ppc, I have finally moved my entire portfolio (1000s and 1000s of domains and few million uniques) away from DomainSponsor. The customer service became extremely bad about 2 years ago and the revenue never improved. In fact revenue dropped suddenly another 50% in last couple of months from already bad levels and I just made the decision to move out to sedo.
So far so good but its a little early to tell how it will fare at sedo, but sedo’s customer service from dedicated account managers is very good. Sedo is treating us with respect and dignity instead of always being ignored by DS.
Btw, I had great times with DS from 2004 to early 2008 when I dealt with great account managers including Sam Aidun who I still respect a lot for the care he provided.
Finally I am out of DS but with very heavy heart as I was not looking forward to it but 80% drop in ppc and extremely bad customer service forced us to move out completely.
I kept thinking DS will improve but I was wrong and could not take it anymore so moved out after almost 6 – 7 years. I was a very loyal DS customer but they didn’t give a shit.
Thank you.
After the Nelson Brady incident and now this, Moniker need to ensure this staff member is fired and named publically if they’re going to protect their ailing reputation, or no-one will trust the “privacy” of their data with Moniker. After all, the Halvarez scandal was really about a breach of privacy – the privacy of their customer’s proxy bids. Knowledge is power and Moniker must act quickly, decisively and openly.
so lets take an analogy…
say an affluent Domainer invests hundreds of research hours, and capital acquiring and registering future domains with whois privacy.
Then lo and behold, you find out an employee from your Registrar has been casing your portfolio while you sleep.
In turn, that “Registrar Employee” intentionally registers and acquires names within your exact verticals. Then, that same “Registrar Employee” has the hutzpa to write an inflammatory, maniacal letter taunting and intimidating you about your domain assets.
This Moniker Employee should definitely be terminated ASAP.
Our community is small, thus, one fat, phoney, unethical apple will rot the bunch.
-Andrew
@ Brad
SnapNames.com was given warnings for years about the bidder “Halvarez” and always vouched that it was in fact a real bidder.
————-
This shall be Known henceforth as ….
” HALVEREZ ll ” the sequel
the future is now… i was gonna say something more meaningful but then i’da had to think. let’s dance.
Let’s pool our resources, buy an island fortify it with rum, guns and money and start our own ccTLD.
.Con
I thought this was going to be something serious.
Happy New Years!
My Brothers and Sisters… Partners in Crime and Fellow Dreamers and Schemers.
May the New Year bring You All the Peace and Prosperity You Deserve.
The Captain is now Abandoning Ship and Heading Out To Uncharted Territories.
Yours in COMplicity,
Dean
1/1/2011
The question that needs to be asked (and answered!) is whether Moniker keeps an audit trail of employees’ activity in their system and has this employee performed any other privacy breaches. If so, what was that information used for? If this employee was a broker, for example, has private contact information been used to solicit domain owners?
Well Jeff,
how about a statement from you on this important issue,
instead of this NEW Mason Jar Guy??
Really doesn’t seem like a big story to me. So this happened and they are dealing with it? Where’s the big deal? At least the process is open and honest rather than keeping it secret and hiding what happened. In my eyes it’s hardly a “scandal” or something that rocks the industry.
In my opinion, people act like they’re Saints. Is Moniker a church? Are thry a sports coach with bad players? No. Should the employee be fired? Probably not. The employee is being treated as if they killed a person. Companies have to take measures to prevent future problems.
The domain name and the breech in question are no different than owning other questionable domains. The goal is to do whatever it takes to make revenue.
I understand that domain privacy is a concern. Many customer files are displaced everyday. Moreover, there are many instigators out there that have a vendetta to expose companies for their lack of ethics.
Who is 100% honest in the world? Buyers rip off sellers and vice versa. Companies sell customer information for profit. A domain owner sells a $300 name for $10,000+. Do end-users receive credible information to make informal decisions? Not a chance.
There are a bunch of righteous people out there trying to play the progressive. If the employee has a history relating to breeches, then Moniker can discipline them.
It really depends on the terms and conditions of employment. What’s the big deal with having a a name of an elite domain investor following sucks.com?
The theme of this article is to demonstrate that privacy is supposed to protect a domain owner. Information shouldn’t be given out that may jeopardize the parties involved.
What I find inconsistent is how people are too quick to judge a situtation, buy then they adopt the same unethical behavior in taking advantage of others. That is being biased, or a hypocrite. Maybe the domain company wants to make sure the information is accurate before issuing a statement.
Writing about the breech is an attention getter. Maybe the employee wants attention, as well. Who really knows the backstory. It looks like many domain investors want domain companies to fail.
Reminds me of another blog that criticizes me for asking questions, saying that this isn’t kidergarten, and then they go out there and develop a question site. Same with setting a domain’s value based on performance , age, and keywords stats.
Almost every blog is the same. The blog that leeked the story should have waited because it is not their duty to interfere with the case. Controversy equals traffic.
Even though a good friend is involved, they may attract unwanted attention with releasing the story ahead of Moniker. Anyhow, nice informative article.
I have one thing to say….. CONIKER!!!
Ron Jackson at DNjournal.com has now reported on the story as well and he has some more information and insight on it:
http://www.dnjournal.com/archive/lowdown/2010/dailyposts/20101231.htm
@ David Williams
they have not done the right thing and were not open and honest
=========
Yes, correct if it was not for Blogging we would not know about
this latest industry scandal.
Was the Employee “Nelson Brady” (Halverez)
already working from HOME?
Statement said
“The employee has been placed on administrative leave while the company further reviews the matter.
Only one employee and one customer registration were involved”
???
Statement says the company is reviewing the matter but states that only one employee and one customer were involved?
So they completed their review?
Remember, no one gets caught the FIRST time.
Don’t forget Craig Snyder was CEO of iReit when they were buying domains from Halverez.
Not speculation, fact.
[quote]Domains under Privacy should only be disclosure as and if required by law, such as under a UDRP or court order.
[quote]
…except that’s not what RAA 3.7.7.3 says…
John
So is it your opinion is that employees of registrars can share registrant information of domains under privacy with third parties?
Should the employee be fired? Probably not. The employee is being treated as if they killed a person.
—
Did you even bother to read what happened here?
Someone breached privacy, then took that information to someones EMPLOYER in an attempt to (presumably) get them fired or otherwise slander their reputation with their employer.
This isn’t a simple case of someone looking at privacy. This is a case of someone being attacked.
Wake the hell up.
3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm
- http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm
The Registered Name Holder – that would be the privacy service, right? And the domain which raised the issue with the employee had the employee’s personal name, plus, “sucks,” or something negative in it, right? It’s a sticky situation, isn’t it? As a “third party,” the employee would have been within his rights to approach the Registered Name Holder, or privacy svc of the Registrar, in this case, Moniker – with evidence of the offending domain and request the “contact information provided by the licensee and the identity of the licensee,” or the Registrant. In effect the “3rd party,” or employee, gave himself the contact information entitled to him as a 3rd party.
So ICANN needs to add a provision that Registrar employees as 3rd parties have to handle their personal concerns through a different method, whereby they don’t access the information except through a non-involved office in the Registrar.
It’s sort of like contests: family and employees of the contest aren’t allowed to participate – maybe Registrar employees need to abide by a different set of rules. But up until now, maybe the employee didn’t commit a violation.
@ John Berryhill, did I summarize that right?
Louise
“”As a “third party,” the employee would have been within his rights to approach the Registered Name Holder, or privacy svc of the Registrar, in this case, Moniker – with evidence of the offending domain and request the “contact information provided by the licensee and the identity of the licensee,” or the Registrant. In effect the “3rd party,” or employee, gave himself the contact information entitled to him as a 3rd party”"
Just to be clear the employee did not contacted the registrant but a third party and disclosed this information.
Anon,
Do you know the whole dam story? Do you work for Moniker? Or are you a domainer and blog reader that follows the mass? Slander is making false accusations to ruin a person’s credibility.
Is the affected party going to lose their job due to this employee tell their employed about some dumb domain that a teenager can register? The case is about privacy.
Everyone else will question their privacy over an isolated incident – playing the victim, which I think is pathetic. Sound like a bunch of people looking for attention. The case goes way above you.
Anon,
Do you know the whole dam story? Do you work for Moniker? Or are you a domainer and blog reader that follows the mass? Slander is making false accusations to ruin a person’s credibility. Do you know the details of the case?
Will the affected party lose their job due to this employee informing their employer about some dumb domain that a teenager can register? The case is about privacy. Everyone is making a big deal over the incident.
Like a credit card company hasn’t sold your information before. Maybe you get a hundred phone calls from solicitors.
Everyone else will question their privacy over an isolated incident – playing the victim, which I think is pathetic. Sound like a bunch of people looking for attention. The case goes way above you.
People crave conflict and attention. Domainers read blog posts, and then they think they know everything. And they probably fear their privacy is at risk.
Moniker customers are complaining they didn’t receive an email informing them about the breech. So these customers are feeling rejected. If people want your information, they will find it. The same goes with acquiring a domain.
Now the case is shifting from privacy to intent to harm another based on a domain name. People want these scandals to bring more attention to the domain industry
I would never write a blog about anything that I have no business discussing. You can be held liable if you get the facts wrong. Companies have to follow protocol. People are suggesting the company terminate employment without investigating the intent.
The blog article is working. Already the most visited on this blog, as well as the most commented.
J
Just to be clear, I personally have knowledge of the whole story.
The names of the employee, the domain holder and all other parties were left out to respect those involved as well as to give Oversee an opportunity to take action.
“So is it your opinion is that employees of registrars can share registrant information of domains under privacy with third parties?”
Oh certainly, Mike. Yes, that’s exactly what I said.
Not.
An employee at Moniker clearly did something they ought not to have done. Since it involved a breach of privacy affecting one person, then a public announcement seems like a compounding of the problem.
My comment was in response to your assertion about when privacy should be lifted in general. The reason I responded at all was that others might believe or rely on your statement, which is by no means true at any registrar. Because that provision of 3.7.7.3 is a Rorschach test, there is no uniform understanding of what it means.
But that sort of rhetorical corner-painting device is beneath you, and I’ll chalk it up to a post New Year’s haze.
In any organization, these kinds of things happen. If an employee of a fast food restaurant cribs someone’s credit card, I expect that employee to be appropriately disciplined. That can happen in any business.
Has the US Army issued some public mea culpa over Bradley Manning? No. He’s in the brig awaiting the completion of investigation and eventual arraignment.
Since you are privy to the details, perhaps you might post the relevant parts of the employee’s contract which spell out the steps Moniker should take here.