According to an email sent to all of its clients tonight, the domain name registrar Moniker.com notified its client they did a “system-wide password reset” tonight that will require ALL Clients to reset their passwords.
Here is the email Moniker.com send out tonight:
“”Moniker’s Operations & Security team has discovered and blocked suspicious activity on the Moniker network that appears to have been a coordinated attempt to access a number of Moniker user accounts.
“”As a precaution to protect your domains, we have decided to implement a system-wide password reset. Please read the below instructions to create a new password. You will not be able to access your Moniker account until these steps are taken.
“”In our security investigation, we have found no evidence that domains have been lost or transferred out. We also have no evidence that any confidential or credit card information has been compromised.
“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data and domains remain secure. This means that, to be absolutely sure of the security of your account, we are requiring all users to reset their Moniker account passwords. ”
“Please reset your password by following the directions below.”
“In our security investigation, we have found no evidence that domains have been lost or transferred out. We also have no evidence that any confidential or credit card information has been compromised.”
“While our password encryption measures are robust, we are taking additional steps to ensure that your personal data and domains remain secure. This means that, to be absolutely sure of the security of your account, we are requiring all users to reset their Moniker account passwords. ”
Please reset your password by following the directions below.
1) Go to Moniker.com and click the “Sign In” button in the upper right hand corner of the home page. Select the “Forgot Your Password” link.
2) You will be directed to a page to “Retrieve” your Moniker Account Password. When prompted, enter your account number and click “Submit”.
3) You will be directed to a page that displays the message below. You will receive an email from Moniker. Please follow the instructions in this email to complete the password reset.
As recent events with other large services have demonstrated, this type of activity is becoming more common. We take our responsibility to keep your domains and personal data safe very seriously, and we’re constantly enhancing the security of our service infrastructure to protect our customers. We feel it is also important to be clear that we view this as attempted illegal activity and have taken steps to report this to the appropriate authorities.
There are also several important steps that you can take to ensure that your data on any website, including Moniker, is secure:
• Avoid using simple passwords based on dictionary words
• Never use the same password on multiple sites or services
• Never click on ‘reset password’ requests in emails that you did not request
Thank you for taking the time to read this email. We sincerely apologize for the inconvenience of having to change your password, but, ultimately, we believe this simple step will result in a more secure experience. If you have any questions, please do not hesitate to contact Moniker Support.
Our support team is standing by to assist at 800-688-6311 or outside the U.S. and Canada: 954-607-1294.
Drake Harvey
Chief Operations Officer
Moniker.com
Support is going to have a very busy day as most of the time one do not remember the secret questions to reset his account.
It happened to me but I was lucky to call from France this morning so it was 3h00 AM when I reached the support and they were not overloaded. I was terrified they be unable to respond me because it’s a norm: Americans only speak/understand english (it’s terrible)! There is certainly few exceptions but according my 15 years experience they are never employed in the support team apparently. Grrrr!
But the guy was speaking slowly so I was able to understand (sure many times I asked him to repeat) but he helped me access my account and reset my password.
I cannot complaint, thanks to the support and courage for few days very busy!
The sad thing is these kinds of attacks are occurring more and more frequently.
@Francois Carrillo
I went to reset my password and forgot the secret question and my account was then blocked.
I phoned the number and within a matter of seconds I was put through and everything was reset, great customer service, thanks Moniker.
Cheers
Stu
Moniker probably took its cue from Name.com’s similar breach. Still, it’s good they notified as many as they can on what happened.
Thanks for sharing your experience, too, Stu.
Dave: a month later after Name.com ? (rolling my eyes)
after it was reported everywhere else ?
And if I read correctly the breach/incident happened last year…
C’mon.
I covered a cbs story on passwords and apps that automatically protect and change them.Worth a look at the short interview because this is not the first nor the last time you’ll have to deal with this. APPS change that. may even help with Yahoo matter: http://fragerfactor.blogspot.com/2013/06/forget-your-password-dashlane-and-other.html
This is a major failure on the part of Moniker. I can’t get into any of the accounts we have because I don’t seem to be able to remember my own name. I’m not sure how this is possible, but numerous calls to support “dropped”. A single call to sales was met with a promise for assistance, and here we are several hours later with no resolution. This company has been in decline for a long time.
Did I mention I can’t remember my other family members’ names, either? Pretty fucking amazing.
I also can’t remember my own phone number.
Security Questions are hogwash:
http://recoverdomainname.com/MonikerSecurityQuestions06202013.jpg
I would become nervous; get very, very nervous. Where did I EVER enter these security questions on the Moniker website? Nowhere. Show me the page. These answers were not required to become a client of Moniker’s. My mind is a steel trap. I NEVER answered these questions. I, too, tried to type in first and last name, then just first name, thinking Moniker would have these on file.
KeyDrive is going to pick and choose which of your valuable dot coms it wants.
I obviously didn’t remember the security questions for my account so I had to contact support. Luckily Moniker had many people working the phones today, the guy I was talking to said he usually never worked on support but they needed all manpower on that today 🙂 I got through within seconds, maybe because of my VIP account but nevertheless great support!
Just glad my domain names were safe, I have around 2000 domains in my Moniker accounts :s What happens if next time the attackers get through?
You’ll have to sit dow for this:
Drake Harvey, COO of Moniker, is listed as
Chief Technology Officer at Internet REIT
Here is info on iReit at ICANN wiki:
icannwiki.com/index.php/Internet_REIT
As late as 2011, according to Elliot’s blog, people were still doing business with iReit, though responses were slow. Now, iReit.com doesn’t resolve.
– from Elliot’s blog comment, 2011.
Quick. Register MonikerFuckingLostMy.pw now!
Right now, Stewart from Snapnames at its office in Austin, TX, called me back where I requested a callback hours ago to email me the new link where I could answer security questions for the first time. I took a screenshot of the blank form, then one with my entries, plus wrote down my new psswd. Now, I can log in. Those screenshots are proof of the security answers I entered.
The office in Austin in the corporate park, Bridgepoint Plaza, has been in existence 3 months, and the 7 employees are new.
I asked Stewart if he works for iReit, and he hesitated before answering, “no.” iReit was based in Houston, with funding from famous businessman Ross Perot, so it makes sense about a Snapnames office in Austin.
Good one!
Kudos Moniker tech team! I reset my psswd twice to test the security questions. They work. The link to reset goes to my email address on file.
The good people at Moniker are defending its customers against the higher ups powers.
What are you smoking?
By way of article suggestion @ MHB, would you reach out to Drake Harvey, Chief Operations Officer, Moniker.com and flesh out what happened to iReit? Sounds like it merged with KeyDrive, Snapnames, and Moniker, and is trying to sell iReit.com, which DNS points offline. It has to be for rebranding purposes, as iReit can be a good candidate for Inland Real Estate Acquisitions, Inc., and other companies, Reit being a real estate investment trust (REIT) /ˈriːt/ is “any corporation, trust or association that acts as an investment agent specializing in real estate and real estate mortgages” under Internal Revenue Code section 856,” many reits being traded publicly on the NYSE.
Here is the LinkedIn page for a Portfolio Sales Specialist for Moniker: Snapnames, Internet REIT, Oversee.net, Snapnames, Key Drive Companies based in Austin, TX:
linkedin.com/pub/margaret-gonzalez/8/9ab/67b
Has anyone not been able to reset their password? I have tried for over a week without receiving a single password reset email even after receiving success messages whether I use my ID, username or email address.