Featured in the Wall Street Journal ABC News BBC News Forbes   Newsweek USA Today New York Times CNN/Money Investor's Business Daily

Home

 

August 27, 2012

Domain Sales

About Us

YTD Sales Charts

E-Mail Us

The Lowdown

News Headlines

Articles

Resources

Archive

Letters to Editor

The Lowdown Subscribe to our RSS Feed
Here's the The Lowdown from DN Journal,
updated daily
to fill you in on the latest buzz going around the domain name industry. 

The Lowdown is compiled by DN Journal Editor & Publisher Ron Jackson.

Employee Misuse of Moniker WhoIs Privacy Data Victimizes a Customer But Something Good Should Come From the Breach

Earlier today both Rick Schwartz and Michael Berkens wrote about an unfortunate incident at Moniker.com in which a customer of the popular registrar was victimized by a Moniker employee who accessed confidential personal identification data for a WhoIs Privacy protected domain registered by the customer, then used it against that customer by sending the information to his employer. 

I was made privy to the details of this incident a few days ago when the customer (a longtime friend with a spotless reputation) told me what happened in an off the record conversation. No names have been released thus far because it has been his wish to give Moniker a chance to resolve the problem and make changes aimed at preventing  similar incidents in the future. 

Moniker's first public comment on the issue came today when Schwartz and Berkens received a brief statement from the company shortly after Schwartz published his post (the statement apparently did not go out to all media outlets as I never received it). According to their posts the statement from Mason Cole, the VP for Community & Industry Relations for Moniker parent Oversee.net said:

"Moniker has learned that one of its employees violated company policy by distributing customer data for a single domain name registration.  The employee has been placed on administrative leave while the company further reviews the matter."  

"Only one employee and one customer registration were involved.  However, unauthorized data access of any kind, no matter how large or small, is an issue taken very seriously by Moniker and by its parent company, Oversee.net, and is being addressed directly.

While the customer understandably feels violated and angry about the information being sent to his employer, it is admirable that he is also focused on seeing changes made that will help prevent such incidents from harming any customer in the future. 

Upon hearing his account the biggest surprise to me was that this kind pf private information was so easily accessible to multiple registrar employees who have no need to see such sensitive data. I would have thought that only a very limited number of high level personnel could get to this information which can normally be released only through legal means such as a UDRP filing on law enforcement request. 

When you pay an extra fee for WhoIs Privacy you have a right to expect that the registrar is going

to take extra measures to insure that data stays private. For a quality registrar like Moniker that has built their brand on security, this has to be a major embarrassment. However it should also serve as a welcome wake up call to tighten security and limit the circle that has access to private information. That goes for every registrar that offers WhoIs Privacy services. 

The ironic thing about this incident, based on the parts of the account that I can share, is that the employee in question attempted to harm someone who actually had the employee's best interests at heart. The customer registered a number of domains that included an industry figure's name followed by the word "Sucks", including names of his own friends and relatives. He said it was his intention to keep those domains out of the hands of others who would use them to attack those people (a common defensive registration technique among corporations today). 

When the employee learned that someone registered their name followed by "Sucks", the employee then bypassed WhoIs Privacy protection to find out who it was. Had the employee stopped there no one would have been the wiser. However, suffering from an inexplicable lapse of judgment, the employee sent an email to the customer's boss to complain about the registrant. It is probably now safe to assume that the registrant will not be sending the name on to the employee as he originally intended.

(Posted Dec. 31, 2010) 


For all current Lowdown posts - Go Here


We need your help to keep giving domainers The Lowdown, so please email editor@dnjournal.com with any interesting information you might have. If possible, include the source of your information so we can check it out (for example a URL if you read it in a forum or on a site elsewhere). 


 Home  Domain Sales  YTD Sales Charts   Latest News  The Lowdown  Articles  
Legal Matters
  Dear Domey  Letters to Editor  Resources  Classified Ads  Archive  About Us

Hit Counter

Latest news of the domain name industry

 

Copyright 2010 DNJournal.com - an Internet Edge, Inc. company. 
No material may be copied from this site without expressed written consent.