Developer accuses 123-reg of lapse in security after 120 domains redirect to ransom sites


123-reg, one of UK’s leading hosting providers, has reportedly been accused of a security failure after a user complained his account had been hacked and his clients’ domains redirecting to a ransomware site.

The user identified as a web design agency owner has more than 120 domains registered with 123-reg, mostly belonging to clients.

After a visitor visiting one of the sites contacted him, he was shocked to find that half of the domains registered with the hosting provider redirected to a warning that read the browser had been “blocked” by police and a fine must be paid to get their computer unlocked.

He immediately informed 123-reg about the issue and found that hackers had accessed his account and altered some of the DNS records and other account settings.

The victim told PC Pro that “All 120-plus domain names had been set to auto-expire,” and “Half were redirected to spurious locations and more than a third had compromised DNS, with additional DNS redirects to these ransom sites.”

123-reg confirmed the incident saying that investigation has already begun.

The company revealed in a statement that “While we cannot at this stage determine whether the account was definitely hacked, we can confirm that once contacted by the customer we did act upon the enquiry and took all the necessary measures that we could from our side to investigate and help.”

The hosting company however claimed the incident to be an “isolated” one.