300 UK domains pilfered, massive security lapse blamed

  • Add Comments
  • Print
  • Add to Favorites

Exclusive What appears to be a glaringly obvious security hole has been blamed for the snatching of 300 domains hosted by one web-hosting firm last year, The Reg has discovered.

A source told El Reg that anyone with a hosting package from 123-Reg, and hence an account control panel, simply had to change the final section of the URL manually (to, for example, /someoneelseswebsite.co.uk) to be able to gain access to another site’s emails, name servers and billing.

 With access to the admin panel, would-be domain thieves just had to change the contact details for UK registry Nominet to a new email address and then do a failed password request to have a new password sent to the new email address, locking the original owner out, our source claimed

No Comments to “300 UK domains pilfered, massive security lapse blamed”

add a comment.

Leave a Reply

You must be logged in to post a comment.

Read previous post:
Internet Providers Persuade FCC Panel Against Cybersecurity Recommendations

WASHINGTON—Big Internet providers seem to have talked their way out of unwelcome new recommendations on cybersecurity. Danny Yadron has specifics...