Sunday, January 6, 2008

Gmail Hack Leads to Domain Theft

As recounted in Domain Name Wire, a Google Gmail hack allowed a thief to steal a domain.

The Gmail flaw, probably the one detailed here (since supposedly fixed by Google), allowed the attacker to read all of the Gmail user's mail by forcing his account to forward all e-mail to an outside address.

The domain owner/victim had a domain for which the Administrative account had a Gmail address. The thief created a support ticket with the owner's registrar (also his web host) asking them to unlock the domain and send the transfer code. The registrar, which in this case seems to have very lax security procedures, e-mailed the information to the address on the Administrative account, meaning the Gmail account, and therefore the thief got it too. The thief took the information and transferred the domain to a GoDaddy account without the owner's knowledge.

There was a happy ending; for all of GoDaddy's flaws, they are alert and savvy enough to recognize crimes like this. The owner was able to work with them to get the domain back. Things wouldn't have been so easy if the thief had used Shady-East-European-Registrar.com.

Make sure to read the Domain Name Wire article on this event. It has good advice for domain name owners to avoid this happening to them, and some other relevant analysis.
