300 UK domains pilfered, massive security lapse blamed

http://en.wikipedia.org/wiki/United_Kingdom

What appears to be a glaringly obvious security hole has been blamed for the snatching of 300 domains hosted by one web-hosting firm last year, The Reg has discovered.

A source told El Reg that anyone with a hosting package from 123-Reg, and hence an account control panel, simply had to change the final section of the URL manually (to, for example, /someoneelseswebsite.co.uk) to be able to gain access to another site’s emails, name servers and billing.

Read more: 300 UK domains pilfered, massive security lapse blamed

Story added 21. March 2013, content source with full text you can find at link above.