News broke yesterday that thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom. The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs.Any domains hijacked would have been “extremely hard or impossible” to recover, according to The M Group, the security firm that discovered the flaw. Kyle Wilhoit, Senior Cybersecurity threat Researcher at DomainTools commented below.
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools:
“This type of vulnerability is unfortunately, all too common. In this case, looking at DomainTools data, it appears this vulnerability could have affected roughly 270,000 domains, possibly more. Since this vulnerability was running wild for months, this could have possibly caused some serious security issues for domain administrators. This style of vulnerability could have resulted in stolen domains, therefore making it very difficult for the legitimate domain owners.”