Not every domain name hack requires high-tech espionage or the deployment of sophisticated malware; for many, all a hacker needs is a login and a password.
While enterprise-level domain registrars will often boast strong security measures, most domain names are registered on consumer-grade domain registrars, many of which don’t even require baseline security such as two-factor authentication.
If a company or an individual has an account with a consumer domain registrar that doesn’t require multi-factor authentication, there’s a good chance that the login and password combination to the account is one that has been used elsewhere. Despite years of cautionary tales and a near-endless cycle of data leaks and breaches, recent studies show that at least 50% of respondents use the same passwords for personal and work accounts, and that 65% of respondents admit to using the same password for multiple, if not all, of their online accounts (these figures could be significantly higher).
Login and password combinations from prior data breaches are readily available online by the billions on dark web marketplaces. If a hacker successfully uses one of these combinations to access a domain registrar account, they can transfer any or all of the domain names associated with it to another account, or simply change the password and contact information to lock their target out of it.
Once a domain registrar account has been compromised, a hacker can redirect their victim’s websites, block their email services, or hold the account and any associated domain names for ransom.
“Even in situations where companies are able to respond quickly to the loss of a domain name, the damage to their reputation and loss of confidence with customers can be lasting,” says CyberScout founder and chairman Adam Levin.