Heartbleed Strikes Again : Moniker.com

After requesting users update their online identities recently, Moniker has issued a statement providing more details of the hack that prompted it.

In the past several weeks, we have seen suspicious activity on our platform which included login attempts to various accounts from unknown sources. We have reason to believe credentials to the accounts in questions may have been obtained through exploitation of the Heartbleed Bug published earlier this year. In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization.

Brave indeed except the message carries a hint that Moniker is actually trying to establish if there are customers affected who may not have otherwise checked. Chances are, you would have noticed if your domains had been transferred without your knowledge from Moniker but, if you are a customer, keep an eye on your account. What is interesting is that, even as an owner of a single domain at Moniker, it transpires in their correspondence that BabbleTalk’s account actually has three separate identities – two more than we knew about or are necessary – all of which were presumably exposed in the Heartbleed attack of last month. Not encouraging.

We encourage you to notify us immediately if you feel your account has been compromised or if you believe you are missing domains; however, we are confident all such cases have been identified.

1 Comment

SimonOctober 27th, 2014 at 6:32 pm

Is Moniker still in trouble with its system security ?

Another email hit the electronic door mat today, asking for subscribers to check their payment details:

“Your account is currently set up for automatic payments using a
credit card. We ask that you please verify the billing address used
for the credit card on file as a security measure and to ensure
timely processing of your transactions.”