Security issues at Moniker resulted in several domain thefts.
Moniker continues to receive some very negative publicity from its current and former customers, long after a mass breach of accounts resulted in several domain thefts.
In a post at DNForum, a domain owner based in Italy, condemns Moniker’s handling of the situation and alleges that one of his most valuable domains, worth at least $1 million dollars, has been stolen and transferred to another registrar, without his authorization.
He further alleges that Moniker has been unhelpful with reclaiming the domain.
This testimonial raises concerns about the way domain registrars handle customer issues involving domain theft.
Here is the testimonial, unedited:
Moniker is now the worst registrar on the market, stay away from them, believe me or your portfolio will be at risk … and they’ll never care about your problems or better, they’ll cause new ones if you’ll open a support ticket.
DON’T believe to their emails related to security feature improvements, they’re now among the unsafest registrars.
Many accounts have been hijacked in the latest weeks and dozens of domains have been fraudulently transferred away, in some cases the MaxLock was ON.
Let share our recent experience and, even if we can’t mention the involved domains (still unver investigation), I can assure that all facts have been reported exactly as they happened.
One of our most valuable domains (worth over $1M and I’m serious here, it’s something kept private and never shared in the forums because not for sale) has been fraudulently transferred away to another registrar (that I’ll not mention to avoid any possible unwanted investigation from someone a bit curious), this happened in September but only in the first week of October we’ve been aware of that now, how has it been possible ?
See by yourself why Moniker is no longer reliable now: “someone” hacked our account and consider we were using Whois Proxy on that domain while our password was safely stored in an external flash drive, no way to retrieve it without answering to 2 secret questions.
Our email account hasn’t been hacked nor involved in this story, this means the hacker has used a dif. way to get access to the account.He didnt change password but he created a default handle (with a similar email) so he changed it in whois for all contacts (and we got no email notification when he did this … Is this normal ? I doubt and I’ve read about other similar cases in Googloe).
For a lucky case we logged in the account few weeks later and saw our most valuable domain was no longer there; under the same account, we had also other 2 premium names that he didn’t steal so we’ve created a new Moniker account (on the moment) and pushed them there to safeguard our remaining assets.
From there, we did a second push to another account (this time towards a second old account that we owned for few years and where we had other domains too).
In this way, we hoped to make the hacker life harder.Done this, we’ve opened multiple tickets at Moniker (one every 2/4 hours) to make Moniker aware of this incident and we’ve explained what we did to safeguard our other assets apart asking for their cooperation to work together to get back our stolen domain.
02-Oct-2014: For security reasons and with no explanation (so far) they’ve locked our second account (the one where we moved the other mentioned domains) so we’ve submitted multiple tickets to explain again that we’ve moved our domains under it to take them away from the hacker hands.
We got a reply (just once) saying they were investigating, no more news from that moment.
QUICK RECAP:
1. An hacker has fraudulently transferred away from Moniker one of our domains, they refused to help to get it back, they told to contact a court under the new registrar jurisdiction to get the domain back and ok we did and we’re now working with a “very expensive lawyer” to get a subpoena, to proof an hacker has stolen the domain and, maybe, to get it back … who knows when.
2. As a “good gesture”, Moniker has frozen our second account and we’re waiting since over a month to hear back by them to know how getting it back … Basically they’ve stolen our remaining domains. Now our lawyer will work on this case too.
Don’t think to send a copy of your id to get the account back, in such cases: they’ll just ignore you and your docs as they did with us
Again and again: leave them forever, you can no longer trust this company.
