Security Breaches at Moniker

  • InfoGuy
    80/20 Rule
    • Apr 2010
    • 3052

    #1

    Business Security Breaches at Moniker

    On Monday, Moniker sent out this email with the subject "Increased Security - Password Resets [########]".

    Dear Valued Client,

    With the recent ShellShock vulnerability making headlines in addition to the numerous instances of security breaches around the world each week, security is an ever increasing concern.
    We also saw an increased attempt to access Moniker accounts by brute force attacks.

    And we at Moniker are taking this very seriously.

    Accordingly, we are implementing new protocols to better protect our clients and their assets.

    As part of this process, you will be required to reset your account password while adhering to stronger minimum password requirements.

    You will now need to use a more secure password combination at least eight characters in length and including three of these four attributes:

    * Lowercase characters
    * Uppercase characters
    * Numerical digits
    * Special characters

    We have proactively reset your password and login credentials for sub-accounts to reflect these changes.


    The new password for your account ######## is as follows #############.

    Please find below passwords for the sub accounts that we found in your settings:

    ##### #############


    Please reset your passwords to one of your own choosing that meets the new password requirements at your earliest convenience.

    As an added layer of protection, we will be implementing other security enhancements including a two-step authentication system and system lock out should a user make multiple unsuccessful attempts to log in.

    We appreciate your cooperation in this process and hope you understand the necessity. If you have any questions please contact support by visiting the Moniker support center -http://www.moniker.com/moniker/customer-support or by phone:

    Toll free in the U.S. and Canada: 800-688-6311
    Outside the U.S. and Canada: 954-607-1294

    ---

    Moniker Online Services, LLC
    2320 NE 9th St. Ft Lauderdale, Fl 33304
    Toll-free in the U.S. and Canada: 1-800-688-6311
    International: 1-954-607-1294

    Email: [email protected]

    Web: http;//www,moniker.com


    CEO: Bonnie Wittenburg

    Member of the KEYDRIVE GROUP
    http;//www,keydrive,lu

    This morning Moniker sent out another email with the subject "Ongoing security measures".

    Moniker recently underwent a system-wide password reset to implement security improvements as a result of recent activity within several accounts. We would like to address these issues and respond to various articles and comments about security breaches at Moniker.

    We take all reasonable steps to ensure the protection of domain names managed on our platform and understand that the safety and security of your assets is of utmost importance. With that in mind, we constantly assess system vulnerabilities and work towards quick resolutions to known issues.

    In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in question may have been obtained through exploitation of the Heartbleed Bug published earlier this year.

    In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.

    We encourage you to notify us immediately if you feel your account has been compromised or if you believe you are missing domains; however, we are confident all such cases have been identified.

    Contact support at [email protected].

    Sincerely,

    The Moniker Team

    Last edited by InfoGuy; 10-10-2014, 06:39 AM.
  • BlackCrayon
    Too lazy to set a custom title
    • Jun 2003
    • 19634

    #2
    don't worry, they're only stealing 2, 3 letter .com's and short 1 word .coms.. lol

    moniker has become a huge joke that isn't funny.

    • InfoGuy
      80/20 Rule
      • Apr 2010
      • 3052

      #3
      Those clowns at Moniker don't even follow their own advice. They weakened the strength of my password when they reset it by only using the first three types of characters.

      As part of this process, you will be required to reset your account password while adhering to stronger minimum password requirements.

      You will now need to use a more secure password combination at least eight characters in length and including three of these four attributes:

      * Lowercase characters
      * Uppercase characters
      * Numerical digits
      * Special characters

      And let's not forget that this isn't Moniker's first time to do a system wide password reset due to account security concerns. On June 19, 2013, Moniker sent out an email with the subject "Security Notice: Service-wide Password Reset".

      Moniker's Operations & Security team has discovered and blocked suspicious activity on the Moniker network that appears to have been a coordinated attempt to access a number of Moniker user accounts.

      As a precaution to protect your domains, we have decided to implement a system-wide password reset. Please read the below instructions to create a new password. You will not be able to access your Moniker account until these steps are taken.

      In our security investigation, we have found no evidence that domains have been lost or transferred out. We also have no evidence that any confidential or credit card information has been compromised.

      While our password encryption measures are robust, we are taking additional steps to ensure that your personal data and domains remain secure. This means that, to be absolutely sure of the security of your account, we are requiring all users to reset their Moniker account passwords.
      Please reset your password by following the directions below.

      1) Go to Moniker.com and click the "Sign In" button in the upper right hand corner of the home page. Select the "Forgot Your Password" link.

      2) You will be directed to a page to "Retrieve" your Moniker Account Password. When prompted, enter your account number and click "Submit".

      3) You will be directed to a page that displays the message below. You will receive an email from Moniker. Please follow the instructions in this email to complete the password reset.

      As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your domains and personal data safe very seriously, and we're constantly enhancing the security of our service infrastructure to protect our customers. We feel it is also important to be clear that we view this as attempted illegal activity and have taken steps to report this to the appropriate authorities.

      There are also several important steps that you can take to ensure that your data on any website, including Moniker, is secure:
      * Avoid using simple passwords based on dictionary words
      * Never use the same password on multiple sites or services
      * Never click on 'reset password' requests in emails that you did not request

      Thank you for taking the time to read this email. We sincerely apologize for the inconvenience of having to change your password, but, ultimately, we believe this simple step will result in a more secure experience. If you have any questions, please do not hesitate to contact Moniker Support. Our support team is standing by to assist at 800-688-6311 or outside the U.S. and Canada: 954-607-1294.

      Drake Harvey
      Chief Operations Officer
      Moniker.com

      Moniker has acknowledged in their latest emails that domains were fraudulently transferred out, so it's quite possible that personal and credit card info may have also been compromised. It wouldn't surprise me to get that announcement next week.
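The password rule quoted in the post above (at least eight characters, three of the four character classes), as an added example that is not part of the thread and is not Moniker's code. It checks the rule, generates a random password with a CSPRNG, and compares the search space of a three-class password with a four-class one of the same length. The function names are hypothetical, and treating ASCII punctuation as the "special characters" class is an assumption.

```python
import math
import secrets
import string

# Character classes named in the quoted policy.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,  # assumption: ASCII punctuation = "special"
}
MIN_LENGTH = 8    # "at least eight characters in length"
MIN_CLASSES = 3   # "three of these four attributes"


def classes_used(password):
    """Return the set of class names that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_policy(password):
    """True if the password satisfies the quoted minimum requirements."""
    return (len(password) >= MIN_LENGTH
            and len(classes_used(password)) >= MIN_CLASSES)


def generate(length=16, class_names=tuple(CLASSES)):
    """Generate a random password drawn from the given classes.

    Uses the secrets module (CSPRNG) and rejection sampling so that every
    requested class appears at least once.
    """
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    if len(set(class_names)) < MIN_CLASSES:
        raise ValueError("policy requires at least three classes")
    alphabet = "".join(CLASSES[name] for name in class_names)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if classes_used(candidate) == set(class_names):
            return candidate


def entropy_bits(length, class_names):
    """Upper bound on entropy of a uniformly random password, in bits."""
    alphabet_size = sum(len(CLASSES[name]) for name in class_names)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    three = ("lower", "upper", "digit")
    four = tuple(CLASSES)
    pw3 = generate(8, three)
    pw4 = generate(8, four)
    # Both pass the policy; the four-class one has the larger search space.
    print(pw3, meets_policy(pw3), round(entropy_bits(8, three), 1))
    print(pw4, meets_policy(pw4), round(entropy_bits(8, four), 1))
```

A three-class password still satisfies the quoted rule; at equal length it gives up roughly 0.6 bits per character compared with a four-class one, so length matters more than the fourth class.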

      • fogfever
        Confirmed User
        • Apr 2007
        • 1245

        #4
        Wow, Moniker has definitely gone downhill.
        Wonder how many domains under management they have lost this year.


        • avalanche
          Confirmed User
          • Feb 2005
          • 1922

          #5
          Moniker is a complete joke now.

          And, they make it a pain to transfer out. They don't send a confirmation email allowing you to confirm transfers, only option is to decline it, so it takes 7-10 days to move a domain out.
          Avalanche

          • BlackCrayon
            Too lazy to set a custom title
            • Jun 2003
            • 19634

            #6
            Originally posted by fogfever
            Wow, Moniker has definitely gone downhill.
            Wonder how many domains under management they have lost this year.
            over 100,000 from one client alone last month.

            • TrashyGirl
              Confirmed User
              • Apr 2010
              • 1401

              #7
              Originally posted by avalanche
              Moniker is a complete joke now.

              And, they make it a pain to transfer out. They don't send a confirmation email allowing you to confirm transfers, only option is to decline it, so it takes 7-10 days to move a domain out.
              Thnx (indirectly) for this tip, I'm trying to get a few domains out of that sinking ship and hadn't been able to.


              • suesheboy
                Confirmed User
                • Nov 2002
                • 5211

                #8
                They swore today on the phone no domains were lost.

                • InfoGuy
                  80/20 Rule
                  • Apr 2010
                  • 3052

                  #9
                  Originally posted by BlackCrayon
                  over 100,000 from one client alone last month.
                  That's a major task considering there isn't a bulk feature to request EPP codes.

                  • woj
                    <&(©¿©)&>
                    • Jul 2002
                    • 47882

                    #10
                    Originally posted by InfoGuy
                    That's a major task considering there isn't a bulk feature to request EPP codes.
                    they actually do have that feature...
                    you can go to "my domains", then select all, then "export auth codes"...

                    • BlackCrayon
                      Too lazy to set a custom title
                      • Jun 2003
                      • 19634

                      #11
                      Originally posted by suesheboy
                      They swore today on the phone no domains were lost.
                      FMA who has an amazing portfolio of names lost a few three letter .com's and a couple 1 word .com's. i believe they still have not gotten back the ones that were transferred out of moniker. after this happened, they moved their 100,000 plus domains to uniregistry.com.

                      • AaronM
                        GFY Royality ;)
                        • Oct 2001
                        • 46923

                        #12
                        I've posted a couple Moniker fail threads in the past but bitch as I might, I kept giving them chances to improve. That all ended last month.

                        Fuck Moniker

                        From: Marti Johnson <[email protected]>
                        Date: Fri, Sep 26, 2014 at 1:52 PM
                        Subject: Moniker Privacy


                        Hi Aaron,

                        I understand that you previously had a special rate for your privacy.

                        We are no longer able to provide such a rate unless you are planning to transfer ? in additional domains.

                        Let me know if that is the case and I will have an account manager take a look at your rates.

                        Best Regards,

                        Marti


                        _________________________________

                        Marti,

                        I don't recall asking for an email from you. In fact, I specifically asked for a phone call and was told I would receive one this morning. Not only is your company once again not following through as they said they would but 1:52pm is an afternoon thing, not a morning one.

                        Anyway....

                        When I brought my domain portfolio to Moniker, you had employees who cared and this great thing called "Customer Service." Unfortunately, all that has vanished over the years and today Moniker is nothing short of another piece of trash company supplying half assed service and failing to honor the agreements they previously made. It's bad enough that you raised my domain prices and I had to call to get them lowered only to still pay more than we agreed to but then you added insult to injury by raising my privacy price. All of this with no notifications to me at all.

                        Bring you more domains? HAHAHAHAHA!!!

                        Your privacy service fails. I'm not sure why I even pay a buck for it, let alone $4.

                        What happened to me having a personal rep who cared?

                        What happened to the domains of mine you lost?

                        On a scale of 1 to 10, your previous system was about a 3. Your new system is far worse, providing horrible options and limitations.

                        However, the single biggest fail is your customer service itself and at this point, I've had more than enough. You won't receive another dime from me. Yesterday I found a new home for my domains and get this....A live person answered the phone on the 2nd ring! I explained my frustrations with Moniker to which they informed me they have been transferring thousands of domains from you to them recently for the very same reasons. Then they gave me better pricing than you ever have and at this point, I've only registered a single domain there. The rest of my domains will be transferred from you as they come up on renewal.

                        Congratulations on taking Moniker from the top line company it once was and successfully running it into the shitter.

                        No need to respond, in fact, please don't.


                        • armysmoke
                          Confirmed User
                          • Oct 2013
                          • 2606

                          #13
                          I moved my domains out of Moniker when they were hit.


                          • BlackCrayon
                            Too lazy to set a custom title
                            • Jun 2003
                            • 19634

                            #14
                            Originally posted by AaronM
                            I've posted a couple Moniker fail threads in the past but bitch as I might, I kept giving them chances to improve. That all ended last month.

                            Fuck Moniker

                            From: Marti Johnson <[email protected]>
                            Date: Fri, Sep 26, 2014 at 1:52 PM
                            Subject: Moniker Privacy


                            Hi Aaron,

                            I understand that you previously had a special rate for your privacy.

                            We are no longer able to provide such a rate unless you are planning to transfer ? in additional domains.

                            Let me know if that is the case and I will have an account manager take a look at your rates.

                            Best Regards,

                            Marti


                            _________________________________

                            Marti,

                            I don't recall asking for an email from you. In fact, I specifically asked for a phone call and was told I would receive one this morning. Not only is your company once again not following through as they said they would but 1:52pm is an afternoon thing, not a morning one.

                            Anyway....

                            When I brought my domain portfolio to Moniker, you had employees who cared and this great thing called "Customer Service." Unfortunately, all that has vanished over the years and today Moniker is nothing short of another piece of trash company supplying half assed service and failing to honor the agreements they previously made. It's bad enough that you raised my domain prices and I had to call to get them lowered only to still pay more than we agreed to but then you added insult to injury by raising my privacy price. All of this with no notifications to me at all.

                            Bring you more domains? HAHAHAHAHA!!!

                            Your privacy service fails. I'm not sure why I even pay a buck for it, let alone $4.

                            What happened to me having a personal rep who cared?

                            What happened to the domains of mine you lost?

                            On a scale of 1 to 10, your previous system was about a 3. Your new system is far worse, providing horrible options and limitations.

                            However, the single biggest fail is your customer service itself and at this point, I've had more than enough. You won't receive another dime from me. Yesterday I found a new home for my domains and get this....A live person answered the phone on the 2nd ring! I explained my frustrations with Moniker to which they informed me they have been transferring thousands of domains from you to them recently for the very same reasons. Then they gave me better pricing than you ever have and at this point, I've only registered a single domain there. The rest of my domains will be transferred from you as they come up on renewal.

                            Congratulations on taking Moniker from the top line company it once was and successfully running it into the shitter.

                            No need to respond, in fact, please don't.
                            So where are you moving your domains to?

                            • AaronM
                              GFY Royality ;)
                              • Oct 2001
                              • 46923

                              #15
                              Originally posted by BlackCrayon
                              So where are you moving your domains to?
                              NameSilo.com


                              • InfoGuy
                                80/20 Rule
                                • Apr 2010
                                • 3052

                                #16
                                Originally posted by BlackCrayon
                                FMA who has an amazing portfolio of names lost a few three letter .com's and a couple 1 word .com's. i believe they still have not gotten back the ones that were transferred out of moniker. after this happened, they moved their 100,000 plus domains to uniregistry.com.
                                With the size and quality of his portfolio, it makes sense to operate his own registrar.

                                • armysmoke
                                  Confirmed User
                                  • Oct 2013
                                  • 2606

                                  #17
                                  Originally posted by AaronM
                                  NameSilo.com


                                  • RummyBoy
                                    Confirmed User
                                    • Dec 2009
                                    • 2157

                                    #18
                                    Originally posted by InfoGuy
                                    With the size and quality of his portfolio, it makes sense to operate his own registrar.
                                    FMA is Future Media Architects. If it's true they moved to Uniregistrar, then they moved to Frank Schilling's registrar. Schilling is quite trusted around the industry so they are probably worth looking into.

                                    Though, I'm still a big fan>> http://namecheap.com
                                    Last edited by RummyBoy; 10-11-2014, 08:31 AM.


                                    • anexsia
                                      Confirmed User
                                      • May 2010
                                      • 5735

                                      #19
                                      Use NAMESILO - one of the best domain services right now with some of the cheapest pricing $8.39 and lower for domains and FREE whois privacy for life - plus the backend rocks.


                                      • woj
                                        <&(©¿©)&>
                                        • Jul 2002
                                        • 47882

                                        #20
                                        Originally posted by AaronM
                                        NameSilo.com
                                        did you manage to get some hookup pricing with them, or just retail pricing?

                                        • GAMEFINEST
                                          Make STACK$
                                          • Nov 2006
                                          • 14478

                                          #21
                                          I am moving all my site from moniker.com already.

                                          • InfoGuy
                                            80/20 Rule
                                            • Apr 2010
                                            • 3052

                                            #22
                                            Originally posted by RummyBoy
                                            FMA is Future Media Architects. If it's true they moved to Uniregistrar, then they moved to Frank Schilling's registrar. Schilling is quite trusted around the industry so they are probably worth looking into.

                                            Though, I'm still a big fan>> http://namecheap.com
                                            Thanks for trying to enlighten me, but I'm not a noob and I already know of FMA, Elequa, Frank Schilling and Uniregistrar.

                                            • AaronM
                                              GFY Royality ;)
                                              • Oct 2001
                                              • 46923

                                              #23
                                              Originally posted by woj
                                              did you manage to get some hookup pricing with them, or just retail pricing?
                                              I didn't even ask for a hookup. I'm happy enough with their retail based on the small number of domains I've moved there. Although, once I've moved more domains to them I'll probably request a better rate.


                                              • marlboroack
                                                So Fucking Banned
                                                • Jul 2010
                                                • 9327

                                                #24
                                                Never worked with them and never will... Thanks for sharing


                                                • HandballJim
                                                  Confirmed User
                                                  • Sep 2008
                                                  • 4024

                                                  #25
                                                  It's crazy that the infrastructure of Domains is still like the wild wild west after 20 years. The whole stealing of domains and transferring them out, etc. Do you mean they cannot track a domain name, and easily take it back if it was maliciously taken?