Heartbleed Strikes Again : Moniker.com
After requesting users update their online identities recently, Moniker has issued a statement providing more details of the hack that prompted it.
In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in questions may have been obtained through exploitation of the Heartbleed Bug published earlier this year. In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.
Brave indeed except the message carries a hint that Moniker is actually trying to establish if there are customers affected who may not have otherwise checked. Chances are, you would have noticed if your domains had been transferred without your knowledge from Moniker but, if you are a customer, keep an eye on your account. What is interesting is that, even as an owner of a single domain at Moniker, it transpires in their correspondence that BabbleTalk’s account actually has three separate identities – two more than we knew about or are necessary – all of which were presumably exposed in the Heartbleed attack of last month. Not encouraging.
We encourage you to notify us immediately if you feel your account has been compromised or if you believe you are missing domains; however, we are confident all such cases have been identified.