16 Jul Gandi Confirms Logins Stolen, More Than 750 Domains Hijacked
Over 750 web addresses were taken over through the internet’s own system, said Gandi in a report last Thursday. An unidentified attacker took hold of the company’s login last week, gaining access to one of its technical providers that are connected to at least 27 top-ranking domains.
The attacker changed the domain details on the official name server for 751 addresses, redirecting them to a site that delivered malware. Registry operators recognized the suspicious changes and informed Gandi.
According to the Gandi’s incident report, the technical team immediately addressed the issue by reverting the changes made and replacing all the logins, a process which took three and a half hours.
Gandi apologized for the incident and has since enhanced security around its website and DNS, which includes preloading of strict-transport-security into browsers to protect all visitors, and active monitoring of DNS resolution.
Source: The Register