Skip to content
Vulnerability exploitContained

BookMyName: a cyberattack compromised data linked to domain names

French domain registrar BookMyName detected a security incident on 5 May 2026 in which an attacker exploited a vulnerability to fraudulently alter domain contact data, exposing logins, names, emails, phone numbers and postal addresses of some customers.

Victim
BookMyName

On 5 May 2026, BookMyName β€” a French domain registrar and DNS/hosting provider β€” detected a security incident and temporarily suspended all of its services to secure its infrastructure and investigate. The company notified a subset of affected customers by email.

According to BookMyName, an unauthorized third party exploited a vulnerability that allowed the fraudulent modification of certain contact data associated with domain names. The provider stated that no passwords were compromised, no payment methods were affected, no domain ownership transfers were detected, and there was no loss of domain availability.

The exposed data linked to affected domains included:

  • Login identifiers
  • First and last names
  • Company name (where applicable)
  • Email addresses
  • Phone numbers
  • Postal addresses

The company warned that the exposed information could be abused for the fraudulent alteration of WHOIS/contact records, as well as for targeted phishing, identity theft, attacks on linked accounts, and reconnaissance. BookMyName advised affected customers to remain vigilant about suspicious communications relating to their domains. No specific count of affected customers or domains was disclosed. The incident appears contained, with services restored after the infrastructure was secured.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/bookmyname-une-cyberattaque-a-compromis-des-donnees-liees-a-des-noms-de-domaine/

Related incidents

Vulnerability exploitContained

Leak at Oracle Cloud

In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.

Victim
Oracle Cloud
Records
6.0M