IT.COM

warning Network Solutions Might Leak Credit Card Details Between Accounts

Spaceship Spaceship
Watch

Arca

Top Member
Impact
5,577
I just logged into my Network Solutions account and discovered that my “primary payment option” has been changed.

The credit card and personal information of another NetworkSolutions customer is now listed there.

So basically I have somebody elses credit card (that won't expire until years later), name, and address as my primary option on file in my account.

I have no idea how it got there. Must be some kind of bug in their system.

So basically I could go on a buying spree buying premium domains in the Network Solutions system (or just renew all my domains) with this other Network Solutions customers' credit card if I wanted, thanks to Network Solutions putting his credit card into my account... It's shocking how poorly they protect their customers' sensitive data!

Just a warning to everyone who have given their credit card info to Network Solutions. Your sensitive data may have been "copied" to the accounts of other Network Solutions customers. Keep an eye out for unauthorized transactions originating at Network Solutions, as it could be another user using your credit card.
 
17
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Take a screenshot, if you haven't already!
 
4
•••
You should report this ASAP. (Well .. hope you already did before posting about it openly here ... lol).

Certainly not unique to Network Solutions .. I remember once a few years back logging into somebody else's GoDaddy account with my own credentials. I lasted a few hours IIC. I know it seems like I always pick on GD .. but it's only that way cause I use them the most .. the problem is that the bigger a company gets .. the less anybody has any clue what is going on under the hood.
 
4
•••
You should report this ASAP. (Well .. hope you already did before posting about it openly here ... lol).

Certainly not unique to Network Solutions .. I remember once a few years back logging into somebody else's GoDaddy account with my own credentials. I lasted a few hours IIC. I know it seems like I always pick on GD .. but it's only that way cause I use them the most .. the problem is that the bigger a company gets .. the less anybody has any clue what is going on under the hood.
I'm not going to report it, but I will delete the credit card on file from my account.
 
0
•••
I'm not going to report it, but I will delete the credit card on file from my account.

You really should report stuff like this .. particularly if you're posting it openly. Sure NS are responsible .. but when it comes to security everyone needs to take action when they see something (or at least when it's very serious like this case). Chances are somebody else now has access to your own credit card.

Technically if you don't report potential fraud, you can be held responsible for your losses. If not for yourself or for Network Solutions .. do it for the countless other domainers whose credit card information is now vulnerable.


I report soooo many issues to GoDaddy virtually on a weekly basis .. I just feel like if I don't then everybody suffers. (The problem lies in the fact they more often than not they don't fix anything and sweep most issues under the closet and never follow up .. but that's another matter .. lol .. but at least now they are 100% to blame)
 
Last edited:
5
•••
Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well). I just logged in and discovered that somebody elses credit card details are now in my account and provided the community with a warning which people can choose whether or not they want to act upon.

Anyone who's given their credit card to NetSol should consider blocking them from making charges and/or requesting a new credit card number to be issued to them to be on the safe side.
 
3
•••
Why dont you buy some domain name immediately, then they will run behind you, ultimately.
 
0
•••
I just logged into my Network Solutions account and discovered that my “primary payment option” has been changed.

The credit card and personal information of another NetworkSolutions customer is now listed there.

So basically I have somebody elses credit card (that won't expire until years later), name, and address as my primary option on file in my account.

I have no idea how it got there. Must be some kind of bug in their system.

So basically I could go on a buying spree buying premium domains in the Network Solutions system (or just renew all my domains) with this other Network Solutions customers' credit card if I wanted, thanks to Network Solutions putting his credit card into my account... It's shocking how poorly they protect their customers' sensitive data!

Just a warning to everyone who have given their credit card info to Network Solutions. Your sensitive data may have been "copied" to the accounts of other Network Solutions customers. Keep an eye out for unauthorized transactions originating at Network Solutions, as it could be another user using your credit card.
You should cancel whatever card you had associated with your account. Who knows if someone else has your info like you have theirs.
 
0
•••
Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well). I just logged in and discovered that somebody elses credit card details are now in my account and provided the community with a warning which people can choose whether or not they want to act upon.

Anyone who's given their credit card to NetSol should consider blocking them from making charges and/or requesting a new credit card number to be issued to them to be on the safe side.

Too many scary things going on there. As I mentioned in the DomainNames.com thread, they have also been charging me monthly for privacy for a name I transferred away from them a long time ago.

Thankfully, I have now received a refund. But how can you charge for domains that are not even in your system?

It is really annoying that some names won at NameJet are placed at NetSol. Otherwise I would never ever use them. They only survive because of their first-mover advantage.
 
3
•••
I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

Report it to the card company.
 
1
•••
You should cancel whatever card you had associated with your account. Who knows if someone else has your info like you have theirs.
Agreed. I don't know if this is a widespread issue or just limited to my account, but it's better to be on the safe side when it comes to Network Solutions.
 
0
•••
Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well).
.

Sorry to hear that. I rarely had a good experience with them going back yo mid 90’s, always a hassle and some less than qualifed employee to argue with.

I have no names with them now, so cannot answer this myself... but don’t they have any tracking info on changes?

As you know, for example Dynadot, Namesilo and Namebright all log IP’s and all changes on each domain registered. It’s visible once you are in the account too.
So does that not exist in their interface?

It seems to grossly negligent of this situation to have occured if more than two persons were effected and they did not proactively notifiy all customers if it is a backend software database problem. Who knows it could have been botched by a hacker trying to do something like Equifax. Then again, it took several months for Equifax to report it in their indecision, CYA efforts, etc.
 
0
•••
1
•••
0
•••
Sorry to hear that. I rarely had a good experience with them going back yo mid 90’s, always a hassle and some less than qualifed employee to argue with.

I have no names with them now, so cannot answer this myself... but don’t they have any tracking info on changes?

As you know, for example Dynadot, Namesilo and Namebright all log IP’s and all changes on each domain registered. It’s visible once you are in the account too.
So does that not exist in their interface?

It seems to grossly negligent of this situation to have occured if more than two persons were effected and they did not proactively notifiy all customers if it is a backend software database problem. Who knows it could have been botched by a hacker trying to do something like Equifax. Then again, it took several months for Equifax to report it in their indecision, CYA efforts, etc.
I don't know whether they keep track of credit card on file changes.

But they apparently have very limited oversight over domains moving around/in/out of their system.

I previously reported to them about a domain moving out of my NetSol account without my authorization, and after giving me several explanations that were outright wrong, they were ultimately, after days of research, only able to give me some vague explanation. Have had different forms of unauthorized domain transfer take place at NetSol where I never got any answer from them as to what happened. I've also caught them frontrunning my name due to their messy system accidentally sending me some emails I shouldn't have gotten. So it's clear that they don't have a clear overview of what happens with the domains at their registrar. Because they are not able to accurately track changes to the domains at their registrar, I assume their oversight of credit card changes is no better.
 
1
•••
2
•••
I have told many times, but people never listned.

NetSol is Biggest Scamm site, Don't use them, if you use them then don't be surprised for something wrong.
 
0
•••
I would keep screenshots and also save the HTML source just in case.
But I think they should be notified in the interest of responsible disclosure.

Now, thinking as a developer: bugs should never be ignored or downplayed. They can be a security risk.
 
4
•••
As of April 12, 2017, NCSL.org reports: Forty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information.

from: https://www.pcicomplianceguide.org/faq/#29


If you suffer a data breach and lose card data, and you are not PCI DSS compliant, you could incur fines for the loss of this data and the operational costs associated with replacing the accounts

http://www.barriernetworks.co.uk/compliance/pci-dss/
 
Last edited:
0
•••
I would keep screenshots and also save the HTML source just in case.
But I think they should be notified in the interest of responsible disclosure.

Now, thinking as a developer: bugs should never be ignored or downplayed. They can be a security risk.
Thinking, not as a developer, but as a customer, I think NetSol is should disclose to their customers when:

- they take domains out of users accounts without any authorization by the owner
- when they front run their users domains and pocket the difference in case of a sale
- when they hijack their users domains with ZTOMY nameservers
- when they steal non-expired domains for New Venture Services Corp
- when they send users expired domains at the earliest opportunity for New Venture Services Corp and pretend it's a different company
- when they charge you for services you never ordered (nor received)
- any other BS they regularly pull

Do they do any of this though? No. They use every opportunity to slight their customers, and only look out for themselves at the expense of their customers. They are one of the most underhanded and deceptive companies in the industry, and I my experiences with them tell me, if it it can go wrong at NetSol it will go wrong.

So for those telling me to report it to them directly, no I am not going to because it's too risky for me. That's what my experience with them tells me. I don't know where this credit card has been disseminated across their platform, I don't know what kind of unauthorized charges have been made to it, if any. I'm not going to report this only to face the risk of having them tell me that after the card was entered into my account it has been charged, and they are holding me responsible for those charges. Because that's the kind of thing that can happen when you deal with netsol. They've screwed me out of money before, and I don't want that to happen again.

I've reported this cc issue here for the whole community to see, whether or not you want to heed this warning is completely up to you.
 
1
•••
They are one of the most underhanded and deceptive companies in the industry, and I my experiences with them tell me, if it it can go wrong at NetSol it will go wrong.

So why are you using them?

And why do you trust them with your personal info and card data?
 
0
•••
Thanks @Arca ,

Moving my names in batches before it gets too late.I remember paying them for a name i thought they backordered successfully but they didnt meanwhile they charged me for it until I realized it wasnt caught by them but dynadot and told them this before they apologized bla bla and refunded me. I dont trust them one bit and only check my transactions since I use snapnames which is linked to them. Good thing I dont have my card in there and use PP if i have to. Something is wrong with them for sure .
 
1
•••
So why are you using them?
To receive NameJet and SnapNames won domains. Most NameJet and SnapNames won domains, if not registered there already, are sent to your netsol account linked to these auction houses.
And why do you trust them with your personal info and card data?
netss.png

I don't.
 
Last edited:
4
•••
I remove my domains from NetSol as soon as the 60 day lock past a NameJet auction win passes. I've no credit card on file.
 
2
•••
I remove my domains from NetSol as soon as the 60 day lock past a NameJet auction win passes. I've no credit card on file.
You might now.
 
3
•••
Back