A small glitch during a planned database upgrade by Bulkregister.com gave a big scare to
some of its customers this weekend.
When clients of the Internet’s second-largest domain registrar logged in to
access their accounts Sunday, some found their domain records had apparently
been modified and replaced with erroneous data. That quickly led many to
conclude that the system had been compromised by attackers.
However, Bulkregister.com Monday blamed the problem on a programming error in
an enhanced customer database system rolled out by the company Saturday
“This was totally self-inflicted,” said Bulkregister.com CEO Tony Keyes.
A bug in the new system’s query function caused customers doing look-ups on
their accounts to see other customer’s domain records, including account
names, e-mail addresses, and DNS information, but not credit card
information or account passwords.
According to Keyes, the customer data itself was never compromised, nor was
the domain information maintained by the Network Solutions registry. The
software glitch, which affected about two hundred of Bulkregister’s 15,000
clients, was corrected Sunday evening.
Among the visible data were the customers’ “handles” or account names and
“approved from” e-mail addresses. Armed with these two pieces of information,
an unscrupulous person could potentially effect the transfer of a domain to
As a precaution, Bulkregister is implementing a lock on the affected
customer records until it can contact the domain owners and verify that
their data is correct.
“Just in case someone who saw data that didn’t belong to them is very
creative and thought of something to do that would appear to be a problem,
we felt it was better just to lock it down until our client tells us it’s
okay to take it off,” said Keyes.
Bulkregister.com is a wholesale provider of domain name registration
services to ISPs, web hosting and web designer clients around the world. To
date, the company has registered more than 2 million Internet addresses
since launching in December of 1999.