DomainTools was targeted by email harvesting campaign

DomainTools sent out an email today informing its account holders that a high volume user email harvesting campaign targeted its system and correctly matched a few hundred current or historic DomainTools account email addresses.

This is the complete email sent out today:

Hello Konstantinos,

Yesterday DomainTools experienced a high volume user email harvesting campaign which abused a flaw in our individual membership email update processes. To the best of our knowledge, no DomainTools customer login and password combinations were compromised by this scripting effort. However, the campaign appears to have correctly matched a few hundred current or historic DomainTools account email addresses.

We encourage DomainTools account holders to change their passwords as a precautionary security measure. From our investigation it appears the actor used email addresses from prior well-known breaches and ran those against our email update process. This campaign resulted in the DomainTools website confirming the existence of a limited number of user email addresses in our membership system. From there, the attacker could conceivably attempt login/password combinations sourced from those prior data dumps such as LinkedIn or Dropbox . These large scale data breaches can be researched at discovery sites such as Have I Been Pwned.

We want to apologize to our account holders for the inconvenience this may cause. The security of our users is paramount and despite what initially seems like very limited exposure we wanted to notify all our current and prior active users of this situation. DomainTools has patched the system in question and implemented additional monitoring for any account abuse stemming from yesterday’s activity.


About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the blog in 2012.


  1. Saw that. Some people probably use identical or similar passwords on other websites too – registrars perhaps. Best change those.

  2. Maybe raise your prices another $100, and half some more of your services, apologize my ass

  3. How ironic … maybe one day DomainTools’ management should explain people how they are allowed to profit from stored public whois records …
    Please keep in mind that Whois data are public, accessibile to anyone free of charge.
    ICANN Whois terms are as follows:
    “You agree to use this data only for lawful purposes and further agree not to use this data (i) to allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising, or (ii) to enable high volume, automated, electronic processes to collect or compile this data for any purpose, including without limitation mining this data for your own personal or commercial purposes.”
    Do they have an agreement in place with ICANN to commercially exploit Whois data or what?
    Asked this question to Ammar Kubba 6 months ago … no answer …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.