Just like after it changed its control panel, Moniker is once again issuing a statement that solves none of the problems. And it can’t solve any of the problems because they don’t admit that there is an underlying problem: their new system.
I bet you have all heard of the massive hacking attack on Moniker. It was successful, and many domains have been reported as stolen, including domains such as bit.com.
Moniker, in an email today, claims that the Heartbleed Bug caused the system vulnerabilities.
They also said something that seems to be completely untrue: “there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers”.
Actually, I have talked with and read comments from tens of Moniker customers, and I can assure you that there was no brute force attack. The hacker simply had a list of ALL customer numbers and passwords. There was not a single unsuccessful login that would suggest a brute force attack. And even if there was a brute force attack on the main server, why the hell were all passwords stored in plain text?
Here is today’s email from Moniker, with my comments on it below:
Ongoing security measures
Moniker recently underwent a system-wide password reset to implement security improvements as a result of recent activity within several accounts. We would like to address these issues and respond to various articles and comments about security breaches at Moniker.
We take all reasonable steps to ensure the protection of domain names managed on our platform and understand that the safety and security of your assets is of utmost importance. With that in mind, we constantly assess system vulnerabilities and work towards quick resolutions to known issues.
In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in question may have been obtained through exploitation of the Heartbleed Bug published earlier this year.
In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.
We encourage you to notify us immediately if you feel your account has been compromised or if you believe you are missing domains; however, we are confident all such cases have been identified.
Contact support at firstname.lastname@example.org.
Of course, they don’t actually reply to all the “articles and comments”. They don’t say why, when a domain is pushed from one account to another, no confirmation emails are sent about the push and the push is not even logged in the jobs section.
“In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources.”
What was Moniker doing in these several weeks? Did they identify the suspicious activity and do nothing, or did they not even notice that something wrong was going on? Either way, these people are dangerous.
No, Moniker, your “reasonable steps” are not good enough.
I suggest that anyone who has a domain at Moniker leave this registrar immediately.