Thread: Bottle Domains Suffers Security Breach

If the Australian company Bottle Domains is the registrar or host of one of your domains, please note:

The Australian Federal Police is investigating a security breach at Australian registrar Bottle Domains that may have exposed an unknown number of account and domain name passwords.

Read more here.

I can't believe the registrar actually stores passwords in plain text. It's so ridiculous. Even INForum's software doesn't do that - we could be hacked and there would be no security problems. It's really not hard to set things up so that passwords can't be stolen.

Bottle Domains has announced that the security breach relates to another breach that took place in 2007 . It is alleged that an employee of a third party registrar is involved.

The AFP have arrested a Perth male in relation to the investigation.

Saving passwords in a text file is really really ridiculous..have they updated about any new security features?

We are in 2009 and and yet passwords are stored in plain text. I don't know what to say, my professor who thought me security would be fuming.

Jeff, regarding inforum having hashed password, its the software vBulletin which has this small but important feature. In "Bottle Domains" case I believe they might have made custom software and who ever architected the software missed that case.

I don't think it was posted about here, but Namedrive recently had a similar issue. What's more, the hackers posted the usernames and passwords in a hackers' forum.

Ace, your professor is absolutely correct!

Update: The auDA has now terminated the registrar accreditation of Bottle Domains due to "a serious breach of its obligations under the registrar agreement."

Nicholas Bolton loses internet domain registration business

If you have domains registered with Bottle Domains, I assume you'll need to transfer to a different registrar?

Update #2: Bottle Domains has been reinstated as a domain name registrar after the Supreme Court granted a temporary injunction against auDA.

In the meantime, Bottle Domains is commencing legal proceedings against auDA over its cancellation of their accreditation.

Originally Posted by Ceres

Update #2: Bottle Domains has been reinstated as a domain name registrar after the Supreme Court granted a temporary injunction against auDA.

Do you have a link?

Originally Posted by Ceres

[In the meantime, Bottle Domains is commencing legal proceedings against auDA over its cancellation of their accreditation.

On what ground?

Originally Posted by Jeff

Do you have a link?

Bolton takes on internet controller

Originally Posted by Jeff

On what ground?

The article states:

"Mr Disspain of auDA has acted as judge, jury and executioner by cancelling Bottle Domains' accreditation so suddenly, and this action is now proving to be grossly negligent," said Mr Bloch. "There is now the possibility that, if Bottle Domains wins its case, auDA may be subject to severe damages for loss of business, potentially bankrupting the tightly budgeted administrator."