Dynadot security issue?

Just got this in two of my mailboxes.

Dear XYZ,

During one of our routine security checks, our system noticed irregular activity. To ensure account security and mitigate any potential issues, we request you change your password.

To change the password for XYZ, please click the link below:
Change my password

If you are concerned or would like to add additional security measures, we recommend adding a second layer.

Any specific account that we notice any irregularities in will be contacted by our management team.

Best Regards,
Dynadot Support Team
(account XYZ)

(account XYZ) 

Comments

  • Mumbly Member

    I haven't got any mail from them. Hmm...

    Thanked by 1TimRoo
  • DP Member, Moderator, The Domain Guy

    Sounds a bit off.

    Did you verify if that's legit?

    On the other hand, I received a maintenance notice just about an hour ago.

  • SinSiXX Member

    Got it too. :o

  • dosai Member

    @Boogeyman post email headers.

  • _MS_ Member
    edited June 15

    Change your password ASAP.
    I actually did even before they sent out emails.
    There was a little outage with a status page saying that their servers are very busy right now. Then when they came back online, their system refused to accept my password. I realised that something's wrong, and soon they'll be sending out emails for password change. That's exactly what happened.

  • DP Member, Moderator, The Domain Guy

    I just tried logging in and it's asking me to reset my password :smiley:

  • digitalwicked Member
    edited June 15

    Received email as well

  • DP Member, Moderator, The Domain Guy

    I did a password reset and I can log in successfully.

    Not too worried since I have 2FA enabled.

    Thanked by 1Frameworks
  • They haven't said anything publicly but did kind of mention password resets:

  • @dosai said: @Boogeyman post email headers.

    Return-path: <[email protected]>
    Envelope-to: [redacted]
    Delivery-date: Wed, 15 Jun 2022 14:38:54 +0200
    Received: from mail-out-newsletter.dynadot.com ([166.88.19.39])
        by [redacted] with esmtps  [redacted]
        [redacted]
        (envelope-from <[email protected]>)
        id [redacted]
        for [redacted]; Wed, 15 Jun 2022 14:38:54 +0200
    Date: Wed, 15 Jun 2022 04:20:12 -0700
    From: Dynadot Notifications <[email protected]>
    To: [redacted]
    Subject: ACTION REQUIRED - Update Password
    MIME-Version: 1.0
    Message-ID: <[redacted]@www.dynadot.com>
    X-Dynadot-Newsletter: 8J6n8V758m7h7DB6b6N7K8C7y6D9CM
    Content-Type: text/html
    X-Spam-Score: -25
    X-Spam-Bar: --
    X-Spam-Report: Spam detection software, running on the system [redacted],
     has NOT identified this incoming email as spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     @@[email protected]@ for details.
    
     Content preview:  Dear [redacted], During one of our routine security checks,
        our system noticed irregular activity. To ensure account security and mitigate
        any potential issues, we request you change your password. To change the
       password for [redacted], please click the link below: Change my password 
    
     Content analysis details:   (-2.6 points, 5.0 required)
    
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
     -5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
                                 high trust
                                 [166.88.19.39 listed in list.dnswl.org]
     -0.0 SPF_PASS               SPF: sender matches SPF record
      0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
      1.6 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of
                                 words
      0.0 HTML_MESSAGE           BODY: HTML included in message
      0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
      0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                                 blocked.  See
                                 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                  for more information.
                                 [URIs: dynadot.com]
      0.6 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML
                                 tag
      0.0 T_REMOTE_IMAGE         Message contains an external image
    
    <div id="dot"><img src="http://www.dynadot.com/go/dot8J6n8V758m7h7DB6b6N7K8C7y6D9CM.gif" border="0"></div>Dear [redacted],<br />
    <br />
    During one of our routine security checks, our system noticed irregular activity. To ensure account security and mitigate any potential issues, we request you change your password.
    <br /><br />
    To change the password for [redacted], please click the link below:<br />
    <strong><a href="$account_reset_link$" target="_blank">Change my password</a></strong><br />
    
    <br />
    
    
    
    If you are concerned or would like to add additional security measures, we recommend adding <a href="http://www.dynadot.com/go/news?9V72n8Q7AN618wi9X837v7JK646K8v7j6o7n8l8Y7mg8W6k85838f6J606D7r9B7jGe6n6L7J7J6f9Bj8GE7h848Qmf7056b8S8I7Y6djk6F718r7xQ7l7l6h9I7qG9C8J9G7u7d7g9F75706M6b9W8bSS8MT" target="_blank">a second layer</a>.<br /><br />
    
    
    Any specific account that we notice any irregularities in will be contacted by our management team.<br /><br />
    
    
    Best Regards,<br />
    Dynadot Support Team<br />
    (account [redacted])<br><br>(account [redacted])
    
    Thanked by 1dosai
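
A sketch of the check @DP and @dosai ask for above, run over the headers and body as posted (an added example, not part of the thread and not Dynadot's code). `EXPECTED_DOMAIN`, `under` and `triage` are names assumed here; the sample is abridged from the post, with the long tracking token replaced by `TOKEN`.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "dynadot.com"  # assumption: the domain the reader expects mail from

# Abridged from the headers/body posted above; TOKEN replaces the long tracking token.
SAMPLE = """\
Received: from mail-out-newsletter.dynadot.com ([166.88.19.39])
 -5.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/,
 -0.0 SPF_PASS               SPF: sender matches SPF record
<a href="$account_reset_link$" target="_blank">Change my password</a>
<a href="http://www.dynadot.com/go/news?TOKEN" target="_blank">a second layer</a>
"""

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True only for the domain itself or a real subdomain (no suffix tricks)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, domain=EXPECTED_DOMAIN):
    # Only the Received line written by your own mail server is trustworthy.
    m = re.search(r"^Received: from (\S+) \(\[([0-9A-Fa-f.:]+)\]\)", raw, re.M)
    host, ip = m.groups() if m else (None, None)
    # SpamAssassin report rows look like " -0.0 SPF_PASS   description".
    rules = set(re.findall(r"^\s*-?\d+\.\d+ ([A-Z][A-Z0-9_]+)\s", raw, re.M))
    parser = _Links()
    parser.feed(raw)
    links = []
    for href in parser.hrefs:
        u = urlparse(href)
        if not u.hostname:
            verdict = "no-host"            # e.g. an unfilled template placeholder
        elif not under(u.hostname, domain):
            verdict = "off-domain"
        else:
            verdict = "ok" if u.scheme == "https" else "on-domain-not-https"
        links.append((href, verdict))
    return {"relay_host": host, "relay_ip": ip,
            "relay_on_domain": bool(host) and under(host, domain),
            "spf_pass": "SPF_PASS" in rules, "links": links}
```

On the posted message this reports an on-domain relay with `SPF_PASS`, a reset link with no host at all, and a second link that is on-domain but plain `http`.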
  • Shakib Member, Patron Provider

    Can confirm. Got the same email.

  • cazrz Member

    @DP said:
    I did a password reset and I can log in successfully.

    Not too worried since I have 2FA enabled.

    If the site got hacked I think 2FA won't help much? Isn't 2FA protection when the user got hacked?

  • Got another mail. API key got reset. Check your applications people, they are now broken.

  • DP Member, Moderator, The Domain Guy

    @cazrz said:

    @DP said:
    I did a password reset and I can log in successfully.

    Not too worried since I have 2FA enabled.

    If the site got hacked I think 2FA won't help much? Isn't 2FA protection when the user got hacked?

    I didn't think that far ahead that they were hacked but would only assume the possibilities of data/DB leak or some sort.

  • Didn't get any mail yet, but reset password anyway.

  • DP Member, Moderator, The Domain Guy

    @Pilotseye said:
    Didn't get any mail yet, but reset password anyway.

    Received mine about an hour ago but I've already changed my password twice.

    I don't think we'll be hearing from Dynadot until they've completely dealt with this, now assuming that they've been pwned.

  • DP Member, Moderator, The Domain Guy

  • Hmm, I got the maintenance e-mail but nothing about a compromise, or asking me to reset my credentials. Guess I've been lucky based on what @DP posted, but time to reset anyway!

  • Arkas Member, Moderator

    Hmmm. I got the email as well. I did reset my password and activated 2FA but still feeling uneasy because of the lack of info about what exactly happened.

  • tjn Member

    @_MS_ said:
    There was a little outage with a status page saying that their servers are very busy right now. Then when they came back online, their system refused to accept my password. I realised that something's wrong, and soon they'll be sending out emails for password change. That's exactly what happened.

    Exactly the same thing happened to me when I was trying to transfer a certain domain earlier today ;)

    Suspecting a security event, I emailed them asking why my password was forcibly changed and I received the following (this isn't the whole response just a snippet):

    ... the need for the password change is that during our team's routine security checks 
    they discovered irregular activity and to ensure all customers are protected you would 
    need to reset your password before you could access your account ...
    

    Combined with forcing people to change their API keys, it looks like there was a leak of some sort.

    Has anyone been contacted by "management"? I'm hoping their silence on the matter is simply them coordinating with law enforcement/insurance companies.

    Thanked by 1_MS_
  • Arkas Member, Moderator
    edited June 15

    @tjn said: Combined with forcing people to change their API keys, it looks like there was a leak of some sort.

    That's what I think. But they should share more than just "during our team's routine security checks they discovered irregular activity"
    That could mean all sorts of things. Is my CC info safe for example?

  • tjn Member
    edited June 16

    I agree @Arkas
    I like to think that CC info is pretty tightly controlled these days and that it rarely gets leaked. If I'm not mistaken they use Stripe as a payment gateway anyway - so it should all be safe.

  • jahrinc Member

    I haven't received an email yet...

    Tried resetting the password and I've not gotten the email yet. Damn yahoo

    Thanked by 1Jake4
  • JasonM Member

    ditto!
    tried to log in to dynadot control panel, and was automatically asked to reset the password.
    though I did not receive any email yet.
    seems they got hacked?? and now patched.

  • JeDaYoshi Member
    edited June 16

    @JeDaYoshi said:
    Hmm, I got the maintenance e-mail but nothing about a compromise, or asking me to reset my credentials. Guess I've been lucky based on what @DP posted, but time to reset anyway!

    Never mind this, got it now. And I had reset my account's password earlier - however it's not asking me to again. Probably a delayed e-mail wave.

  • Jake4 Member

    Still cannot log in or reset my password (even though it says that it has sent an email to me).

    Is anyone else having the same problem still?

  • DP Member, Moderator, The Domain Guy

    @Jake4 said:
    Still cannot log in or reset my password (even though it says that it has sent an email to me).

    Is anyone else having the same problem still?

    Not me.

    I tried changing my password 3 times (last week) and it went smoothly without any issues.

  • tjn Member
    edited June 20

    Same as @DP
    Might be a good idea to jump on their live chat or send them an email - info[at]dynadot.com
