Last year, cybercriminals managed to steal around 300 domains by exploiting a vulnerability in the web hosting control panel of UK registrar 123-Reg. In addition to 123-Reg, it’s believed that four other registrars have been impacted.The Register has learned that a security hole in 123-Reg’s web hosting control panel allowed anyone with an account to gain access to other accounts simply by modifying the URL from the browser’s address bar.
The bug exposed emails, name servers and even billing information. An attacker could have hijacked domains by changing the email address for .uk domain name registry Nominet and requesting a new password.
The domains that were hacked this way, totaling 300, were locked by Nominet. In addition, the registrar agreement with one company was terminated.
“To our knowledge, Nominet's own systems have not been compromised,” Nominet representatives have stated on the company's forum.
“The only recent security issue we are aware of regarding any of our registrars happened last summer- four registrars were victims of unauthorised transfers of around 300 domain names during the post expiry period. This matter is now in the hands of the police, so weâre not in a position to comment further.”
Updated to include the statement from Nominet.