warning Network Solutions Might Leak Credit Card Details Between Accounts

[Arca]

I just logged into my Network Solutions account and discovered that my “primary payment option” has been changed.

The credit card and personal information of another NetworkSolutions customer is now listed there.

So basically I have somebody elses credit card (that won't expire until years later), name, and address as my primary option on file in my account.

I have no idea how it got there. Must be some kind of bug in their system.

So basically I could go on a buying spree buying premium domains in the Network Solutions system (or just renew all my domains) with this other Network Solutions customers' credit card if I wanted, thanks to Network Solutions putting his credit card into my account... It's shocking how poorly they protect their customers' sensitive data!

Just a warning to everyone who have given their credit card info to Network Solutions. Your sensitive data may have been "copied" to the accounts of other Network Solutions customers. Keep an eye out for unauthorized transactions originating at Network Solutions, as it could be another user using your credit card.

 

[Ategy]

I'm not going to report it, but I will delete the credit card on file from my account.

You really should report stuff like this .. particularly if you're posting it openly. Sure NS are responsible .. but when it comes to security everyone needs to take action when they see something (or at least when it's very serious like this case). Chances are somebody else now has access to your own credit card.

Technically if you don't report potential fraud, you can be held responsible for your losses. If not for yourself or for Network Solutions .. do it for the countless other domainers whose credit card information is now vulnerable.


I report soooo many issues to GoDaddy virtually on a weekly basis .. I just feel like if I don't then everybody suffers. (The problem lies in the fact they more often than not they don't fix anything and sweep most issues under the closet and never follow up .. but that's another matter .. lol .. but at least now they are 100% to blame)

 

[DNWon]

Take a screenshot, if you haven't already!

 

[Ategy]

You should report this ASAP. (Well .. hope you already did before posting about it openly here ... lol).

Certainly not unique to Network Solutions .. I remember once a few years back logging into somebody else's GoDaddy account with my own credentials. I lasted a few hours IIC. I know it seems like I always pick on GD .. but it's only that way cause I use them the most .. the problem is that the bigger a company gets .. the less anybody has any clue what is going on under the hood.

 

[Kate]

I would keep screenshots and also save the HTML source just in case.
But I think they should be notified in the interest of responsible disclosure.

Now, thinking as a developer: bugs should never be ignored or downplayed. They can be a security risk.

 

[Arca]

So why are you using them?

To receive NameJet and SnapNames won domains. Most NameJet and SnapNames won domains, if not registered there already, are sent to your netsol account linked to these auction houses.

And why do you trust them with your personal info and card data?

I don't.

 

[main]

Thanks for the heads up. I don't blame you for not wanting to get involved with NetworkSolutions. Most people here know that you've been a vigilant watch dog to help the domain investing community in a variety of areas.

 

[skipper708]

this is the beginning stage of you losing your domain that you just won at a namejet auction. look for the domain that has an extra year or more added on to it. the previous owner just renewed it in their account. so now the domain is in both your account and the previous owners. as soon as the 60 day lock is up you need to move it out! this has happened to me 3 times. lost the domain the first time, got the other 2 out.

 

[Arca]

Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well). I just logged in and discovered that somebody elses credit card details are now in my account and provided the community with a warning which people can choose whether or not they want to act upon.

Anyone who's given their credit card to NetSol should consider blocking them from making charges and/or requesting a new credit card number to be issued to them to be on the safe side.

 

[Embrand]

Whenever I bring up issues/wrongdoing to NetSol, they either don't care, don't have a clue, or tend to be extremely defensive and sometimes turn around and accuse me of wrongdoing/threaten me/my account with them.

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

I have no proof that it wasn't me who put those credit card details there (and they have limited records of what's going on in their system as well). I just logged in and discovered that somebody elses credit card details are now in my account and provided the community with a warning which people can choose whether or not they want to act upon.

Anyone who's given their credit card to NetSol should consider blocking them from making charges and/or requesting a new credit card number to be issued to them to be on the safe side.

Too many scary things going on there. As I mentioned in the DomainNames.com thread, they have also been charging me monthly for privacy for a name I transferred away from them a long time ago.

Thankfully, I have now received a refund. But how can you charge for domains that are not even in your system?

It is really annoying that some names won at NameJet are placed at NetSol. Otherwise I would never ever use them. They only survive because of their first-mover advantage.

 

[Arca]

I remove my domains from NetSol as soon as the 60 day lock past a NameJet auction win passes. I've no credit card on file.

You might now.

 

[Arca]

So I think it's time to log in to my NetSol account and go buy some domains with someone else's credit card

Just don't buy DomainNames.com.

 

[skipper708]

How did NetSol approach/handle this when they took the domain out of your account?

Did you get a refund from NameJet?

"you are solely responsible for the credit card or payment information you provide to Network Solutions"

The CC info is erroneously "provided" by NetSol themselves in this scenario, not the user.

Yes, I got a refund for the full price which was about $1150 or so. The domain disappeared from my account without any explanation, so I had to create a ticket at Namejet. There was also an email that I missed that told me the domain was renewed for 1 extra year. This was a sign of the problem in addition to seeing the previous owners CC number in my account. I was really pushing to get the domain, but ended up with a refund. I had control of the domain for about 4 months with my whois info showing as the owner, name servers working, and parking stats recording, etc. The domain and the dollar amount is not really worth suing them over. You just need to watch for this!

 

[campout]

I'm just waiting to see how much NetwurstProblems will start charging for this "service".

For only $29.99 a month, you can now purchase an upgraded account with the special feature that we won't leak your credit card details to our other customers.

 

[Furquan]

Why dont you buy some domain name immediately, then they will run behind you, ultimately.

Wow, are you serious or it's just a joke?

 

[Acroplex]

I remove my domains from NetSol as soon as the 60 day lock past a NameJet auction win passes. I've no credit card on file.

 

[Acroplex]

I don't. While I understand that you ran into what appears to be a bug, announcing it to the public while not providing that same info to the company isn't exactly good practice. We all have favorites and non-favorites in any market, including domaining, but security issues should be reported in private. NetSol isn't exactly watching this very thread and someone might take advantage of this issue, if it exists.

 

[tonecas]

Clicking through a few pages of that transfer out "form" is standard procedure for everyone for every single authorization code you want to retrieve. You have to do it individually 100 times if you want to transfer out 100 names.

And then you receive a transfer email from them where you can follow a link to a web page where you can authorize right away the transfer but it doesn't do anything and you have to wait for the 5 days default period. Ridiculous and on purpose to refrain a costumer to exit them. And 3 days to provide a transfer code because of security reasons, give me a break...

 

[NoBS]

I had someone elses cc info in my NS account after I won a backorder maybe 15 years ago. I wasn't a domainer I just needed a name for my website. I vaguely recall a receipt sent to me for a service costing $100 or more that was charged to that cc, and I let them know.

I won my first backorder with NS a couple of years ago as a domainer. Again in my new account I saw someone elses cc info. It was there for a while maybe a year before I saw it. I didn't want to change or delete any of the info before letting them know and the cc info was deleted following my second support request, two or three months after my initial ticket.

Just guessing maybe the cc details are carried over from the previous registrant if that domain is being transfered into a new account, or if that was the registrants only domain the details are replaced with the new owners?

 

[carob]

I'm not going to report this to them only to risk them coming up with some BS about me attempting credit card fraud/stealing other people's credit cards.

Report it to the card company.

 

[offthehandle]

Why dont you buy some domain name immediately, then they will run behind you, ultimately.

I hope you were only joking.

 

[Arca]

Sorry to hear that. I rarely had a good experience with them going back yo mid 90’s, always a hassle and some less than qualifed employee to argue with.

I have no names with them now, so cannot answer this myself... but don’t they have any tracking info on changes?

As you know, for example Dynadot, Namesilo and Namebright all log IP’s and all changes on each domain registered. It’s visible once you are in the account too.
So does that not exist in their interface?

It seems to grossly negligent of this situation to have occured if more than two persons were effected and they did not proactively notifiy all customers if it is a backend software database problem. Who knows it could have been botched by a hacker trying to do something like Equifax. Then again, it took several months for Equifax to report it in their indecision, CYA efforts, etc.

I don't know whether they keep track of credit card on file changes.

But they apparently have very limited oversight over domains moving around/in/out of their system.

I previously reported to them about a domain moving out of my NetSol account without my authorization, and after giving me several explanations that were outright wrong, they were ultimately, after days of research, only able to give me some vague explanation. Have had different forms of unauthorized domain transfer take place at NetSol where I never got any answer from them as to what happened. I've also caught them frontrunning my name due to their messy system accidentally sending me some emails I shouldn't have gotten. So it's clear that they don't have a clear overview of what happens with the domains at their registrar. Because they are not able to accurately track changes to the domains at their registrar, I assume their oversight of credit card changes is no better.

 

[Arca]

I would keep screenshots and also save the HTML source just in case.
But I think they should be notified in the interest of responsible disclosure.

Now, thinking as a developer: bugs should never be ignored or downplayed. They can be a security risk.

Thinking, not as a developer, but as a customer, I think NetSol is should disclose to their customers when:

- they take domains out of users accounts without any authorization by the owner
- when they front run their users domains and pocket the difference in case of a sale
- when they hijack their users domains with ZTOMY nameservers
- when they steal non-expired domains for New Venture Services Corp
- when they send users expired domains at the earliest opportunity for New Venture Services Corp and pretend it's a different company
- when they charge you for services you never ordered (nor received)
- any other BS they regularly pull

Do they do any of this though? No. They use every opportunity to slight their customers, and only look out for themselves at the expense of their customers. They are one of the most underhanded and deceptive companies in the industry, and I my experiences with them tell me, if it it can go wrong at NetSol it will go wrong.

So for those telling me to report it to them directly, no I am not going to because it's too risky for me. That's what my experience with them tells me. I don't know where this credit card has been disseminated across their platform, I don't know what kind of unauthorized charges have been made to it, if any. I'm not going to report this only to face the risk of having them tell me that after the card was entered into my account it has been charged, and they are holding me responsible for those charges. Because that's the kind of thing that can happen when you deal with netsol. They've screwed me out of money before, and I don't want that to happen again.

I've reported this cc issue here for the whole community to see, whether or not you want to heed this warning is completely up to you.

 

[Skyvisum]

Thanks @Arca ,

Moving my names in batches before it gets too late.I remember paying them for a name i thought they backordered successfully but they didnt meanwhile they charged me for it until I realized it wasnt caught by them but dynadot and told them this before they apologized bla bla and refunded me. I dont trust them one bit and only check my transactions since I use snapnames which is linked to them. Good thing I dont have my card in there and use PP if i have to. Something is wrong with them for sure .

 

[Haris]

Just don't buy DomainNames.com.

Unfortunately there is no credit card in my account lucky you