Jan 012011
 
 January 1, 2011  Breaches, Featured News

Rick Schwartz describes an insider abuse of private domain registry information by an employee of Moniker.com.  The story is somewhat convoluted, but here’s part of what he wrote:

I wish the folks at Moniker/Oversee were writing this and not me. I was under the impression they would and do it before today. I urged them in the strongest way I know. But they knew if they did not step up, others would and the story would be made public. This is the story they have failed to tell you and of course I only know some of the details. As a customer from the earliest days, I am not happy to see this.

This involves a domain under privacy, the customer that owned that domain, and the employee that works for the registrar that misused that info by contacting the employer of this customer. Got that?

Then we have an employee of Moniker who not only looked at protected info, but took it a step or two further as you will read below.

Now none of this would have come out had an email not been sent to the domainer’s employer from this employee of Moniker about this person I know VERY well who owned a certain domain name under privacy. The motivation is the name of this Moniker Employee with “Sucks.com” on the end.

Read more on RicksBlog.com.

DN Journal also discusses the case and raises an excellent point from a security standpoint:

Upon hearing his account the biggest surprise to me was that this kind pf private information was so easily accessible to multiple registrar employees who have no need to see such sensitive data. I would have thought that only a very limited number of high level personnel could get to this information which can normally be released only through legal means such as a UDRP filing on law enforcement request.

When you pay an extra fee for WhoIs Privacy you have a right to expect that the registrar is going

to take extra measures to insure that data stays private. For a quality registrar like Moniker that has built their brand on security, this has to be a major embarrassment. However it should also serve as a welcome wake up call to tighten security and limit the circle that has access to private information. That goes for every registrar that offers WhoIs Privacy services.

Sorry, the comment form is closed at this time.