Moniker is Done

[labrocca]

As many know the registrar Moniker was sold to a new company at the beginning of the summer. Before this sale it was my main registrar for hundreds of domains. I had good security and decent support during a 10 year period as one of their first customers back when Monte ran the show and started the company. It was sold to Snapnames at some point but not many changes were made that were a detriment.

However this recent sale has imho destroyed the registrar completely. It took me a few months to get all domains moved but it was vital I did so. Security has gone to hell. My account was compromised multiple times and they seemingly refuse to explain. I get replies about how my emails or password must be compromised which is IMPOSSIBLE. I'm 100% secure on my end. I tried multiple times in detail to explain this fact to them but no dice. Apparently extra users were added to my account and somehow people are logging in even as recent as this week. Yet my password and emails are definitely secure.

Sean Love is suppose to be their support rep supervisor and even though I requested multiple times to speak directly with him, the best I got was a rather generic email from him about how it appears my email was compromised and I need to reset it to regain my account. Total and utter nonsense.

I've wasted countless hours since the sale and had my main sites redirected after DNS changes I did not authorize even though I have portfolio maxlock. They couldn't explain any of it but what's worse is they just didn't bother investigating fully. So my confidence in their security is zero and all my domains are now at different registrars with modern security features like 2FA as well as better customer support.

I'm done with Moniker forever. I suggest those who use them now consider a move unless you don't value your domains. If you're thinking about using Moniker to register new domains. Please reconsider. No one with an ounce of sense should be using this company any more.

 

[Kate]

Snapnames were hacked a while ago, along with other registrars. And even back in the days of Monte they were storing passwords in plain text... I think this registrar has always been overrated by domainers from a security POV.

 

[carob]

I've also been leaving Monkier - it is not worth the hassle and risk being there - I have under 5 domains still to exit.

 

[Acroplex]

If you have an account with Moniker contact me immediately.

 

[Acroplex]

To expedite addressing this new Moniker cluster*uck here's the juice: http://acro.net/blog/domains/moniker-password-reset-points-apparent-mass-hacking-accounts/

 

[enlytend]

Yes - I had the exact same reaction when I saw that message this AM - plaintext, with my account and new password, without my requesting it. WTG, Moniker!!!

Oh and somehow I now have THREE logins with 3 different passwords, even though I have ONE account?

Spent some time this AM doing transfers. When I'm done the only thing left in there will be a few straggler .us names that I'm still debating where to relocate. They've totally jumped the shark.

 

[Acroplex]

Check your IP logs - bottom left column of your account - for any suspicious logins around 9/23/2014

 

[N-A]

Oh and somehow I now have THREE logins with 3 different passwords, even though I have ONE account?

I have 2 accounts and one has 1 domain, the other has 2. I found the email odd as it did land in spam, sent from [email protected] and it seemed "off". Thought it was a scam.

The new password for your account XXXXXXX is as follows XXXXXXXXXXXXXXX. <- Don't know what that is

Please find below passwords for the sub accounts that we found in your settings:

XXXXXX XXXXXXXXXXXXXXXXXXX <- 6 digit, with the 1 domain

(I moved all my domains out but 3 that I couldn't because of transfer locks when Moniker decided to give up my privacy info while I was on vacay, checking if I can now)

Edit: Looks like Moniker created a new account and the account I had is now a sub account (been a while since my last login). The sub accounts that they changed passwords for, can't change passwords on. So, anybody can login to those? The main account you can change a password on. However, what can a sub account do? O.o

 

[enlytend]

Check your IP logs - bottom left column of your account - for any suspicious logins around 9/23/2014

Nothing unusual - nothing around that date except for my login on 9/29.

 

[JB Lions]

My new password isn't working.

When getting a new one, they ask for - Current password

Is that the one you've been using, or the new one they sent in the email?

 

[N-A]

@JB Lions , the passwords in my email worked. Except I was confused as the "sub account" was my main account last time I checked Moniker. I left them a long time ago and just forgot to transfer these others out since it's a pain.

 

[JB Lions]

@JB Lions , the passwords in my email worked. Except I was confused as the "sub account" was my main account last time I checked Moniker. I left them a long time ago and just forgot to transfer these others out since it's a pain.

The passwords they sent to me worked as well. But after I login, you're supposed to get new passwords. When I tried logging back in with the new password I chose, it didn't work.

"Please reset your passwords to one of your own choosing that meets the new password requirements at your earliest convenience."

Which I did, now I can't get back in. Was wondering if it was because of this:

"Current password

Is that the one you've been using, or the new one they sent in the email?"

Not sure of they mean the one I've been using or the new one they sent in mail. Not sure if that has anything to do with not being able to login now.

I think I'm with a lot of people and only have a Moniker account because of auctions that send domains over there. Can't imagine why anybody would use them besides that, especially today.

Then the accounts and sub-accounts stuff. They're a mess.

 

[Acroplex]

So far several people report the same IP accessing their accounts on 9/23. This indicates a large list of customer credentials was put to use in order to validate the credentials.

 

[Bearded Goat]

I have had 2 separate phone calls already today with moniker.

Received the email. Went immediately to start the process of seeing if I could login. I was able to, but none of my domains were there. I was logging into this phantom account created when they launched their new system.

So I called. They sent a new email. I was not able to login with the account and pass next to my customer id. But I was able to login using the details lower in the email for one of the sub accounts. But after logging in using sub account details, it does not allow a change in the password. It gives the error that only main account user is allowed to do that.

Called again. They supposedly sent another email to reset. I never got it. I also am now not getting any transfer code emails or renewal duration changed emails.

No transfers will be taking place for while...

 

[Acroplex]

A few domains that were identified as stolen, the result of this gaping security hole:
http://domaingang.com/domain-news/several-valuable-domains-reportedly-stolen-moniker-accounts/

 

[Dave_Z]

SMH.

Sorry to see some of you experiencing needless headaches with Moniker. Goes to show anything can change, some for the worse.

 

[.NJ]

$hit....someone logged into my account on 09/23/14.

Here is the IP address: 88.150.178.59

 

[Domainace]

And they sent the user names and passwords in plain unencrypted text! I can laugh because I moved all of my names out except those I wanted to drop over a year ago. (And I'm even regretting leaving those in there.) Hard to believe there was a time when Moniker was a top registrar. Harder to believe a registrar can be managed so abysmally.

 

[Acroplex]

More names identified as stolen, including YN.com and BIT.com
http://domaingang.com/domain-news/two-priceless-domains-stolen-moniker-now-frozen-name-com/

 

[matrigaldo]

Who is that crazy keeping such domains like BIT.COM on Moniker?