14 DAY TRIAL // Social media startup Lissn was forced to change its domain name after hackers hijacked its primary one and transferred it to a registrar in another country.
San Francisco-based Lissn develops a platform for real-time discussions and events. "Lissn is a social conversation tool," the company says.
Last Friday, soon after the startup announced three new features via its newsletter, hackers managed to steal its domain, lissn.com, and move it to a registrar in the Netherlands.
A compromised email address seems to have been at the center of this hijacking incident that put the company in a very difficult position.
"We have contacted the authorities and proper parties to get the domain back, but the legal process of reclaiming a domain name can take months and thousands of dollars. Too much time and too much money for a lean startup where momentum is key," says Lissn Founder Myke Armstrong.
As a result, the company chose to move its operations over to lissn.in for now. "Lissn in! It doesn’t have a bad ring to it, huh? Perhaps a little forced rebranding isn’t so bad, albeit unorthodoxly," commented Armstrong.
Fortunately, the hackers who stole the lissn.com didn't use the domain for malicious purposes; at least not so far. They kept the startup's homepage but changed the login button with a message reading "Lissn is currently down for maintenance, sorry for any inconvenience."
Their motivation is not clear, so the risks of malware or exploits being served through the website in the future still exist. Users should switch to lissn.in until the company regains its domain.
Domain hijackings are not uncommon. In fact, this has been a popular attack method last year when the domains of Twitter, Baidu, Secunia, Google Bangladesh, ChronoPay or FC Zenit Saint Petersburg and others were hijacked.
However, these attacks mostly consisted of attackers changing the DNS servers associated with the domains, not their ownership and registrars. In December 2010, a New Jersey man pleaded guilty to stealing p2p.com from a GoDaddy account.