We are aware of the situation in which gov.on.ca and ontario.ca had their nameservers hijacked. easyDNS is the Registrar of record for these domains. easyDNS is not the DNS provider for them.
At this time we feel the need to keep this brief as there may potentially be an investigation into the attackers.
The attack vector method by which the domain was changed has been discovered and no longer exists. We can confirm that all other easyDNS customer domain records, DNS, passwords were not affected and not compromised in any way. All systems are secured.
We are in close contact with both the Province and CIRA.
On a related note, whenever we make a security related post we always use the opportunity to point out the security features in your accounts and it never hurts to enable them:
- Enable an account ACL
- Turn on all event notifications within your account
- Enable 2-factor authentication
- Use strong passwords with periodic resets.
These functions are accessible via the “Security” item in your left-hand side menu.
We take security extremely seriously and are leaving no stone unturned in our efforts to do so and we look forward to serving your domain and DNS needs in the future.
-mark
Leave a Reply