alert .FO registry hacked

[HotKey]

If you are holding domains directly with the .fo registry, then surely you've received their email, otherwise the notice also appears on the site upon visit. Closed until October 1st, and accounts cannot be accessed.

The hack was interrupted, but the hackers managed to gain access to email addresses and passwords off all users at nic.fo.

Information regarding payments etc. were not compromised.

Yikes! "all users". We should all know by now, never use same security credentials to access accounts, because of stuff like this.

 

[TOP gTLD]

That sounds so bad. You would think they should be able to know better, being in such a highly technological niche. Sorry for those who have accounts with them. Hopefully no bad consequences suffered by fellow-NP-peops.

 

[Kate]

Are they saying they were storing passwords in plain text rather than in hashed form ? In 2018 ?

 

[Paul]

Official notice: https://www.nic.fo/

That notice will certainly be taken down once they're back up, so here's an archived snapshot: https://archive.fo/hpAlo (Yes, ironically, the archive is running on .fo.)

 

[dyn888]

https://archive.today/hpAlo
... backup link, just in case

 

[HotKey]

Are they saying they were storing passwords in plain text rather than in hashed form ? In 2018 ?

I don't know how much more details will be shared as per the hack, this registry keeps to itself and is relatively unknown in the domainosphere. Storing in plain text still occurs, amazingly. Didn't this happen with Twitter a short time ago?

Sorry for those who have accounts with them. Hopefully no bad consequences suffered by fellow-NP-peops.

So far no indication domains have been lost, I know all of mine are intact anyways. It looks like the operator locked down the site immediately after the breach.

 

[HotKey]

Rough..still not up. Posting has changed from "up and running Oct 1st", to

as soon as possible

Better take the time, fix it properly to ensure the breach doesn't occur again, rather than rushing to keep a deadline and fixing bugs on the fly. Could be the investigation holding it back too.

 

[linuxfree]

OMG! a registry hacked terrible news

 

[Kate]

It's not the first time a NIC is hacked.

 

[linuxfree]

It's not the first time a NIC is hacked.

wish to know if the hacker is a white or black hacker. I mean if the hack was reported directly to the registar by the hacker or if the hacker stole the data from the nic without saying nothing to .FO Registry.

 

[Kate]

Whoever did this is a blackhat hacker obviously. A white hat would report the vuln privately, and possibly follow up with responsible disclosure after the vuln is remediated.

 

[linuxfree]

Whoever did this is a blackhat hacker obviously. A white hat would report the vuln privately, and possibly follow up with responsible disclosure after the vuln is remediated.

Hello Kate! That's why a unique password for each login should be used. A password shared between more than one login is not good.

 

[HotKey]

The registry should reopen later today. 2 weeks+ downtime! Crazy.

They are not divulging any more additional info other than confirming they are 100% certain no payment info was stolen.

 

[linuxfree]

The registry should reopen later today. 2 weeks+ downtime! Crazy.

They are not divulging any more additional info other than confirming they are 100% certain no payment info was stolen.

2 weeks of downtime I can't believe it too