In the digital age, a company's domain name is a key part of its identity. Can you imagine Amazon not at www.amazon.com, for example? Or Legal Blog Watch somewhere other than https://legalblogwatch.typepad.com? I don't think so!
A Los Angeles-based start-up company called Lissn learned last week that inadequate security for domain names can lead to a very frustrating situation. Lissn writes on its blog today that on Friday, hackers were able to use a "compromised email address" to hijack and steal its Lissn.com domain name:
After gaining access, they were able to transfer the domain to their own overseas registrar.... The hackers redirected Lissn to a server in the Netherlands, kept our homepage, and replaced the login button with a message that read “Lissn is currently down for maintenance, sorry for any inconvenience...."
The hijacked page still misleadingly bears the Lissn logo and states, "Lissn is currently down for maintenance, sorry for any inconvenience."
LIssn writes that it has contacted authorities about this digital heist and is trying to recover Lissn.com, but it compares the situation to the theft of a horse in the Old West, in that it is a crime that often goes unpunished. LIssn says it is difficult and time consuming to find domain thieves, and notes that the first-ever conviction for stealing a domain name occurred just six months ago.
As a result of the breach and theft of the Lissn.com domain name, Lissn has now switched over to Lissn.in (like "listen in" -- get it?), and wants to share the lessons it learned the hard way with others. Here are Lissn's suggestions for companies that want to prevent this type of hijacking from happening to them:
- Change the passwords associated with your domain registration frequently, especially the password for your email address, and never use that same password for anything else.
- Don't use gmail or another free email provider for your domain administrator contact. If you are using gmail, turn on alerts for unusual activity.
- Use a domain registrar with good security processes in place.
So don't get domain-jacked. Firm up your firm's security with your registrar ASAP.