{"id":4218,"date":"2014-10-06T12:04:23","date_gmt":"2014-10-06T16:04:23","guid":{"rendered":"http:\/\/acro.net\/blog\/?p=4218"},"modified":"2014-10-06T13:14:13","modified_gmt":"2014-10-06T17:14:13","slug":"moniker-password-reset-points-apparent-mass-hacking-accounts","status":"publish","type":"post","link":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/","title":{"rendered":"Moniker password reset points to apparent mass hacking of accounts"},"content":{"rendered":"

Four months ago I moved my last remaining domain away from Moniker.<\/strong><\/a><\/p>\n

The timing was apparently right, as today I received notifications of a forced password reset via email.<\/p>\n

While these emails were legitimately sent out, they ended up in my spam folder, which does not reflect positively on Moniker’s reputation. The mail out relay came from 109.234.108.151 which is a Key Systems IP.<\/p>\n

Both emails contained my account credentials, the account number and a new password, along with an explanation on why the changes are made, and I quote:<\/p>\n

“With the recent ShellShock vulnerability making headlines in addition to the numerous instances of security breaches around the world each week, security is an ever increasing concern. We also saw an increased attempt to access Moniker accounts by brute force attacks.”<\/em><\/p><\/blockquote>\n

The first major security faux pas<\/em> of this forced password reset is that the email – an insecure, open text protocol – contains sensitive account information. Without any encryption, the account credentials traveled across various routes on the Internet, open for anyone along the way with a packet sniffer to process them.<\/p>\n

After logging in to my account I examined my IP access log, which shows an IP in the UK successfully logging in as below:<\/p>\n

\"moniker1\"<\/p>\n

 <\/p>\n

A secondary account at Moniker displayed the following IP log:<\/p>\n

\"moniker2\"<\/p>\n

The failed attempts above are actually mine, after I struggled a bit with the newly issued credentials. However, the IP that successfully logged in into both accounts on 9\/23\/2014 is not me, but rather, a server hosted in the UK.<\/p>\n

I have not visited that IP directly, and it appears to be running both a web server and a VPN, both of which indicate a rogue system that successfully accessed both of my Moniker accounts two weeks ago. While the so-called “ShellShock bug<\/strong><\/a>” was publicly announced on 9\/24, the exploit was quite possibly shared on “zero day” forums attempting to utilize security flaws in operating systems or other software, earlier.<\/p>\n

The consequences of this apparent mass breach can be summarized as such: Change all your passwords<\/strong> across any medium that might have shared them with your Moniker account.<\/p>\n

Additionally, I don’t believe anyone with a basic amount of sanity left, would carry on using Moniker as a domain registrar.<\/p>\n","protected":false},"excerpt":{"rendered":"

Four months ago I moved my last remaining domain away from Moniker. The timing was apparently right, as today I received notifications of a forced password reset via email. While these emails were legitimately sent out, they ended up in my spam folder, which does not reflect positively on Moniker’s reputation. The mail out relay […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[965,453,1090],"class_list":["post-4218","post","type-post","status-publish","format-standard","hentry","category-domains","tag-moniker","tag-security","tag-shellshock","entry"],"yoast_head":"\nMoniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Moniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas\" \/>\n<meta property=\"og:description\" content=\"Four months ago I moved my last remaining domain away from Moniker. The timing was apparently right, as today I received notifications of a forced password reset via email. While these emails were legitimately sent out, they ended up in my spam folder, which does not reflect positively on Moniker’s reputation. The mail out relay […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/\" \/>\n<meta property=\"og:site_name\" content=\"Acro.net - A Domain Investing Blog by Theo Develegas\" \/>\n<meta property=\"article:published_time\" content=\"2014-10-06T16:04:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-10-06T17:14:13+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg\" \/>\n<meta name=\"author\" content=\"Theo Develegas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Theo Develegas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/\"},\"author\":{\"name\":\"Theo Develegas\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\"},\"headline\":\"Moniker password reset points to apparent mass hacking of accounts\",\"datePublished\":\"2014-10-06T16:04:23+00:00\",\"dateModified\":\"2014-10-06T17:14:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/\"},\"wordCount\":386,\"commentCount\":30,\"image\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/acro.net\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/10\\\/moniker1.jpg\",\"keywords\":[\"Moniker\",\"Security\",\"ShellShock\"],\"articleSection\":[\"Domains\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/\",\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/\",\"name\":\"Moniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/acro.net\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/10\\\/moniker1.jpg\",\"datePublished\":\"2014-10-06T16:04:23+00:00\",\"dateModified\":\"2014-10-06T17:14:13+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#primaryimage\",\"url\":\"http:\\\/\\\/acro.net\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/10\\\/moniker1.jpg\",\"contentUrl\":\"http:\\\/\\\/acro.net\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/10\\\/moniker1.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/moniker-password-reset-points-apparent-mass-hacking-accounts\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/acro.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Moniker password reset points to apparent mass hacking of accounts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/\",\"name\":\"Acro.net - A Domain Investing Blog by Theo Develegas\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/acro.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\",\"name\":\"Theo Develegas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"caption\":\"Theo Develegas\"},\"description\":\"Theo Develegas - News and opinions on domain name investing, brand development, design, and the occasional rant or two about life's challenges. Founder of Acroplex LLC.\",\"sameAs\":[\"https:\\\/\\\/acro.net\",\"https:\\\/\\\/x.com\\\/acroplex\"],\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Moniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/","og_locale":"en_US","og_type":"article","og_title":"Moniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas","og_description":"Four months ago I moved my last remaining domain away from Moniker. The timing was apparently right, as today I received notifications of a forced password reset via email. While these emails were legitimately sent out, they ended up in my spam folder, which does not reflect positively on Moniker’s reputation. The mail out relay […]","og_url":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/","og_site_name":"Acro.net - A Domain Investing Blog by Theo Develegas","article_published_time":"2014-10-06T16:04:23+00:00","article_modified_time":"2014-10-06T17:14:13+00:00","og_image":[{"url":"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg","type":"","width":"","height":""}],"author":"Theo Develegas","twitter_misc":{"Written by":"Theo Develegas","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#article","isPartOf":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/"},"author":{"name":"Theo Develegas","@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe"},"headline":"Moniker password reset points to apparent mass hacking of accounts","datePublished":"2014-10-06T16:04:23+00:00","dateModified":"2014-10-06T17:14:13+00:00","mainEntityOfPage":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/"},"wordCount":386,"commentCount":30,"image":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#primaryimage"},"thumbnailUrl":"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg","keywords":["Moniker","Security","ShellShock"],"articleSection":["Domains"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/","url":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/","name":"Moniker password reset points to apparent mass hacking of accounts - Acro.net - A Domain Investing Blog by Theo Develegas","isPartOf":{"@id":"https:\/\/acro.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#primaryimage"},"image":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#primaryimage"},"thumbnailUrl":"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg","datePublished":"2014-10-06T16:04:23+00:00","dateModified":"2014-10-06T17:14:13+00:00","author":{"@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe"},"breadcrumb":{"@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#primaryimage","url":"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg","contentUrl":"http:\/\/acro.net\/blog\/wp-content\/uploads\/2014\/10\/moniker1.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/acro.net\/blog\/moniker-password-reset-points-apparent-mass-hacking-accounts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/acro.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Moniker password reset points to apparent mass hacking of accounts"}]},{"@type":"WebSite","@id":"https:\/\/acro.net\/blog\/#website","url":"https:\/\/acro.net\/blog\/","name":"Acro.net - A Domain Investing Blog by Theo Develegas","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/acro.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe","name":"Theo Develegas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","caption":"Theo Develegas"},"description":"Theo Develegas - News and opinions on domain name investing, brand development, design, and the occasional rant or two about life's challenges. Founder of Acroplex LLC.","sameAs":["https:\/\/acro.net","https:\/\/x.com\/acroplex"],"url":"https:\/\/acro.net\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts\/4218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/comments?post=4218"}],"version-history":[{"count":0,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts\/4218\/revisions"}],"wp:attachment":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/media?parent=4218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/categories?post=4218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/tags?post=4218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}