Cyber Incident Victim: eNom
Date: Apr 2015
Location: United States of America
Summary
A domain registrar experienced a DNS hijacking attack where attackers altered DNS settings for four domains, redirecting traffic to malicious locations for a brief period. The sophisticated attack did not compromise sensitive information, customer accounts, or result in stolen domains. The incident was quickly mitigated, with federal law enforcement notified promptly. The registrar's transparency efforts included informing customers, though affected domains were not disclosed. The attack shares similarities with a separate incident involving a financial institution's DNS vendor breach, which also involved unauthorized DNS modifications leading to fraudulent site redirection, suggesting potential connections between the events.
Description
On May 21, 2015, domain registrar eNom notified customers of a DNS hijacking attack targeting four domains under its management. Attackers altered DNS settings to redirect web traffic from the legitimate domains to unauthorized destinations, potentially exposing visitors to malicious content or credential harvesting. CEO Taryn Naidu characterized the incident as a sophisticated attack but emphasized that no evidence indicated compromise of customer accounts, stolen domains, or access to sensitive information. The changes altered the name server mappings that translate the domain names into the IP addresses of their web servers. eNom detected the hijacking quickly and mitigated it within a short timeframe, limiting the period of unauthorized traffic redirection. Federal law enforcement agencies were engaged within hours of discovery, though the specific dates of the attack and the affected domains were not publicly disclosed. The company's notification letter emphasized transparency regarding the breach while asserting that the operational impact was contained to a temporary DNS manipulation.

Investigations confirmed the attackers exclusively manipulated DNS records without penetrating eNom’s account systems or exfiltrating customer data. The St. Louis Federal Reserve had separately reported a DNS hijacking incident on April 25, 2015, involving unauthorized name server modifications through an unnamed DNS vendor later identified as eNom. This temporal proximity and registrar relationship suggested a potential connection between the events, though eNom’s breach notification did not explicitly confirm this linkage. No additional domains beyond the initial four were confirmed as compromised, and normal DNS resolution services were restored following mitigation. The incident highlighted risks associated with DNS infrastructure vulnerabilities but resulted in no verified data loss or persistent system compromise for eNom or its clients.
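The detection that mattered in this incident was noticing that name server and address records for a handful of domains no longer matched what the registrant had configured. The following is an added example, not eNom's or any vendor's code, of the check a domain owner can run against periodic snapshots of authoritative answers: it diffs each snapshot against an approved baseline and rates an NS delegation to a server outside the approved set as the most severe change. All domains, name servers and addresses are constructed placeholders.

```python
"""Detect DNS record drift against an approved baseline (constructed example)."""
from dataclasses import dataclass

# Approved baseline: domain -> record type -> expected record set (constructed).
BASELINE = {
    "shop.example": {"NS": {"ns1.registrar.example", "ns2.registrar.example"},
                     "A": {"203.0.113.10"}},
    "blog.example": {"NS": {"ns1.registrar.example", "ns2.registrar.example"},
                     "A": {"203.0.113.20"}},
}

# Every name server the organisation has ever authorised; anything else is suspect.
APPROVED_NS = {"ns1.registrar.example", "ns2.registrar.example"}

# Snapshot of what resolvers currently return (constructed): shop.example has been
# delegated to unknown name servers, which in turn answer with a different address.
OBSERVED = {
    "shop.example": {"NS": {"ns1.unknown-host.example", "ns2.unknown-host.example"},
                     "A": {"198.51.100.77"}},
    "blog.example": {"NS": {"ns1.registrar.example", "ns2.registrar.example"},
                     "A": {"203.0.113.20"}},
}

@dataclass
class Finding:
    domain: str
    rtype: str
    added: frozenset    # records present now but absent from the baseline
    removed: frozenset  # baseline records that have disappeared
    severity: str

def classify(rtype, added):
    # A delegation to an unapproved name server hands the whole zone to a third
    # party, so it outranks any other change; a new record is worse than a lost one.
    if rtype == "NS" and any(ns not in APPROVED_NS for ns in added):
        return "critical"
    return "high" if added else "medium"

def detect_drift(baseline, observed):
    """Return one Finding per (domain, record type) whose record set changed."""
    findings = []
    for domain, expected in baseline.items():
        seen = observed.get(domain, {})  # a missing domain reads as all records lost
        for rtype, want in expected.items():
            got = set(seen.get(rtype, set()))
            added, removed = got - want, want - got
            if added or removed:
                findings.append(Finding(domain, rtype, frozenset(added),
                                        frozenset(removed), classify(rtype, added)))
    return findings

if __name__ == "__main__":
    for f in detect_drift(BASELINE, OBSERVED):
        print(f"[{f.severity}] {f.domain} {f.rtype}: +{sorted(f.added)} -{sorted(f.removed)}")
```

In practice the OBSERVED snapshot would be refreshed from several independent resolvers on a schedule, and any "critical" finding should trigger the registrar-lock and incident workflow rather than a ticket.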
