Bulkregister Suffers Customer Database Glitchgreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
Bulkregister Suffers Customer Database Glitch By Brian McWilliams
A small glitch during a planned database upgrade by Bulkregister.com gave a big scare to some of its customers this weekend.
When clients of the Internet's second-largest domain registrar logged in to access their accounts Sunday, some found their domain records had apparently been modified and replaced with erroneous data. That quickly led many to conclude that the system had been compromised by attackers.
However, Bulkregister.com Monday blamed the problem on a programming error in an enhanced customer database system rolled out by the company Saturday evening.
"This was totally self-inflicted," said Bulkregister.com CEO Tony Keyes.
A bug in the new system's query function caused customers doing look-ups on their accounts to see other customer's domain records, including account names, e-mail addresses, and DNS information, but not credit card information or account passwords.
According to Keyes, the customer data itself was never compromised, nor was the domain information maintained by the Network Solutions registry. The software glitch, which affected about two hundred of Bulkregister's 15,000 clients, was corrected Sunday evening.
Among the visible data were the customers' "handles" or account names and "approved from" e-mail addresses. Armed with these two pieces of information, an unscrupulous person could potentially effect the transfer of a domain to another party.
As a precaution, Bulkregister is implementing a lock on the affected customer records until it can contact the domain owners and verify that their data is correct.
"Just in case someone who saw data that didn't belong to them is very creative and thought of something to do that would appear to be a problem, we felt it was better just to lock it down until our client tells us it's okay to take it off," said Keyes.
Bulkregister.com is a wholesale provider of domain name registration services to ISPs, web hosting and web designer clients around the world. To date, the company has registered more than 2 million Internet addresses since launching in December of 1999.
-- Martin Thompson (email@example.com), February 26, 2001