We are investigating a DNS issue that led to the apparent compromise of one of our customer’s websites and a downtime for some customers that use our DNS services.
What happened?
It appears that one customers domain was targeted. Our external provider’s hosted DNS infrastructure was apparently compromised and the DNS records for this domain were changed to point to a cloned web server. Further investigation together with the external provider indicates that it was DNS Cache poisoning rather than any nameservers compromised.
This change occurred on 9th August around 7PM (UTC) , servers were taken offline and access restored again around 9PM (UTC)
The analysis so far indicates that the compromise did not occur on our infrastructure, or that of our service provider. We are still looking into the root cause and the full timeline.
What are we doing to fix & prevent this in the future?
We are working with our External DNS platform vendor to investigate this issue further and identify if any other domains registered with us were affected.
Our security and engineering teams are also working on a plan to prevent a similar issue from recurring in the future.
We apologize for the inconvenience caused to our customers. If you are an iwantmyname customer and are facing any DNS issues please contact our support team: https://iwantmyname.com/support