Domain Registrar Enom Left .uk Domains Vulnerable to Theft for Over Four Months

By Tom Pritchard

There are plenty of ways for hackers and other nefarious individuals to mess with your shit online, so it certainly doesn't help when companies responsible for keeping things safe fail to fix any gaping holes in their security. It turns out thousands of .uk domains were left at risk for more than four months because domain registrar Enom only just patched up a serious security flaw.

The flaw meant people could transfer .uk domains between Enom accounts without any verification, authorisation, or logs that it actually happened. According to the M Group, the security firm that discovered the issue, domains would have been "extremely hard or impossible" to recover.

The M Group said that it reported the problem to Enom on 1st of May, but it wasn't actually fixed until 1st September. The fix itself, according to an email from Enom, seems to be a simple case of disabling inter-account transfers of all .uk domains. It seems simplistic, but I suppose if people can't transfer domains then the domains can't be stolen that way. Though I suppose it sucks for anyone who needs to legitimately transfer a domain to another Enom account.

Better late than never I suppose, but did it really take them four months to fix the issue? Things are bad enough without companies deliberately or accidentally failing to fix massive security holes after they've been reported. [M Group via The Register]
