The theregister.co.uk, is reporting that the theft of 300 domains hosted by 123-Reg last year.
“What appears to be a glaringly obvious security hole has been blamed for the snatching…anyone with a hosting package from 123-Reg and hence an account control panel, simply had to change the final section of the URL manually (to, for example, /someoneelseswebsite.co.uk) to be able to gain access to another site’s emails, name servers and billing.”
“”With access to the admin panel, would-be domain thieves just had to change the contact details for UK registry Nominet to a new email address and then do a failed password request to have a new password sent to the new email address, locking the original owner out”.
Nominet said that its investigations into the issue revealed that “a total of 300 domains had been transferred over to a new registrant in the post-expiry period without the permission of the original registrant”.
“We [have] terminated our registrar agreement with one registrar,” the dot-UK registry said”
Wow – scary stuff.
Makes me wonder if that is what is going on over at MyDomain.com ?
I had two domains taken last year that they could not explain!!
And they could not get them back either so they procrastinated till they went into redemption!
They have a very suspicious setup with SnapNames that allows them to sell off domains to 3rd parties long before Redemption!
That is terrible security! Cant believe these guys did not do a security audit of themselves and fix this. Very poor programming on their part!!! I would never trust them after this big of an issue was missed on their part.