New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Dynadot security issue?
Just got this in two of my mailbox.
Dear XYZ,
During one of our routine security checks, our system noticed irregular activity. To ensure account security and mitigate any potential issues, we request you change your password.
To change the password for XYZ, please click the link below:
Change my password
If you are concerned or would like to add additional security measures, we recommend adding a second layer.
Any specific account that we notice any irregularities in will be contacted by our management team.
Best Regards,
Dynadot Support Team
(account XYZ)
(account XYZ)
Thanked by 1szarka
Comments
I haven't got any mail from them. Hmm...
Sounds a bit off.
Did you verify if that's legit?
On the other hand, I received a maintenance notice just about an hour ago.
Got it too.
@Boogeyman post email headers.
Change your password ASAP.
I actually did even before they sent out emails.
There was a little outage with a status page saying that their servers are very busy right now. Then when they came back online, their system refused to accept my password. I realised that something's wrong, and soon they'll be sending out emails for password change. That's exactly what happened.
I just tried logging in and it's asking me to reset my password
Received email as well
I did a password reset and I can log in successfully.
Not too worried since I have 2FA enabled.
They haven't said anything publicly but did kind of mention password resets:
Can confirm. Got the same email.
If the site got hacked I think 2FA wont help much? Isnt 2FA is protection when the user got hacked?
Got another mail. API key got reset. Check your applications people, they are now broken.
I didn't think that far ahead that they were hacked but would only assume the possibilities of data/DB leak or some sort.
Didn't get any mail yet, but reset password anyway.
Received mine about an hour ago but I've already changed my password twice.
I don't think we'll be hearing from Dynadot until they've completely dealt with this, now assuming that they've been pwned.
Hmm, I got the maintenance e-mail but nothing about a compromise, or asking me to reset my credentials. Guess I've been lucky based on what @DP posted, but time to reset anyway!
Hmmm. I got the email as well. I did reset my password and activated 2FA but still feeling uneasy because of the lack of info about what exactly happened.
Exactly the same thing happened to me when I was trying to transfer a certain domain earlier today
Suspecting a security event, I emailed them asking why my password was forcibly changed and I received the following (this isn't the whole response just a snippet):
Combined with forcing people to change their API keys, it looks like there was a leak of somesort.
Has anyone been contacted by "management"? I'm hoping their silence on the matter is simply them coordinating with law enforcement/insurance companies.
That's what I think. But they should share more than just "during our team's routine security checks they discovered irregular activity"
That could mean all sorts of things. Is my CC info safe for example?
I agree @Arkas
I like to think that CC info is pretty tightly controlled these days and that it rarely gets leaked. If I'm not mistaken they use Stripe as a payment gateway anyway - so it should all be safe.
I haven't received an email yet...
Tried resetting the password and I've not gotten the email yet. Damn yahoo
ditto!
tried to login to dynadot control panel, and was automatically asked the reset the password.
though I did not receive any email yet.
seems they got hacked?? and now patched.
Nevermind this, got it now. And I had reset my account's password earlier - however it's not asking me to again. Probably a delayed e-mail wave.
Still cannot login or reset my password ( even though it says that it has sent an email to me ).
Is anyone else having the same problem still?
Not me.
I tried changing my password 3 times (last week) and it went smoothly without any issues.
Same as @DP
Might be a good idea to jump on their live chat or send them an email - info[at]dynadot.com
I've contacted Dynadot by live chat and they've told me to contact their accounts team via email ( [email protected] ) so I did and I haven't received a response in 2 weeks. (Sent on both my personal hosted email and Hotmail)
Weird, they told me the same and within a business day, actually few hours as I wrote it at night, I got a reply back.