British graphic designer David Airey had his domain name stolen last month when an Internet bandit hijacked his Gmail account.
Gmail's security flaw allowed wrongdoers to install filters in their victims' accounts and redirect their email.
David Airey's tale is a chilling one. A graphic designer by trade, Airey runs a blog under his own name, davidairey.com. He uses the blog to advertise his skills and find prospective clients, but also publishes information of a more personal nature.
So it was that when Airey decided to take a month's holiday in India at the end of November, he let everyone know about it on his blog.
But unbeknownst to him, his readers weren't all friends or clients. Lurking in the darker shadows of the Internet was an online crook who saw an opportunity to hold David Airey to ransom by kidnapping his domain name.
Transfer emails intercepted
How? By taking advantage of a security flaw in Google's Gmail service, which allowed the villain to get specific emails redirected to himself. Timing his heist to perfection, the hacker requested davidairey.com be transferred away from its current registrar on the very day that Airey left for his trip to India.
The registrar sent confirmation requests to Airey's Gmail account, where the crook intercepted them and completed the transfer. By the time Airey realized what had happened, it was too late. He contacted his own domain's new owner (the thief) and was told getting the name back would cost him $650.
Airey decided to fight this rather than cave in. He contacted US registrar GoDaddy, to which the domain had been transferred, and eventually got it back for free. And since Airey made a public fuss about the whole affair, Google has fixed the security flaw that allowed the name to be stolen in the first place.
Airey's story does, however, make a strong case for the need to manage important domains in a secure environment. "I’ve read in the comments on other websites that I deserved what I got, and that to use Google’s free GMail service for anything business-related is naïve," says Airey on his now up-and-running-again blog. "This is a valid point."
So too is the need to keep a watch on your domains or get a professional to do it for you when you're off on that month-long trek in exotic lands with no easy Internet access…
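The hijack described above depended on a mail filter that redirected the registrar's confirmation emails. As an added example (not part of the original article), the Python below audits a mailbox's filter list for rules that forward mail to an address outside the owner's own domains. It assumes the filters were exported in the shape of the Gmail API `users.settings.filters` resource; the sample filters, addresses and the `audit_filters` helper are constructed for illustration.

```python
import json

# Constructed sample: filters in the shape of the Gmail API
# users.settings.filters resource (criteria + action). Addresses are made up.
SAMPLE_FILTERS = json.loads("""
[
  {"id": "f1", "criteria": {"from": "newsletter@example.org"},
   "action": {"addLabelIds": ["Label_7"]}},
  {"id": "f2", "criteria": {"query": "transfer OR registrar OR domain"},
   "action": {"forward": "drop@mailbox.example.net",
              "removeLabelIds": ["INBOX"], "addLabelIds": ["TRASH"]}},
  {"id": "f3", "criteria": {"from": "billing@example.com"},
   "action": {"forward": "accounts@owner.example"}}
]
""")

# System labels whose removal/addition keeps a message out of the owner's view.
HIDING_REMOVE = {"INBOX", "UNREAD"}
HIDING_ADD = {"TRASH"}


def audit_filters(filters, trusted_domains):
    """Return one finding per filter that forwards mail outside trusted_domains."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for f in filters:
        action = f.get("action", {})
        target = action.get("forward")
        if not target:
            continue  # filter does not forward anything
        domain = target.rsplit("@", 1)[-1].lower()
        if domain in trusted:
            continue  # forwarding to an address the owner controls
        # A forward that also skips the inbox or trashes the original is the
        # combination that lets confirmation emails vanish unnoticed.
        hides = bool(HIDING_REMOVE & set(action.get("removeLabelIds", []))
                     or HIDING_ADD & set(action.get("addLabelIds", [])))
        findings.append({"id": f.get("id"), "forward_to": target,
                         "criteria": f.get("criteria", {}),
                         "hides_original": hides,
                         "severity": "high" if hides else "review"})
    return findings


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_FILTERS, {"owner.example"}):
        print(finding)
```

Running such a check before a long absence, and again on return, surfaces a forwarding rule the account owner did not create.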