BookMyName: a cyberattack compromised data linked to domain names
French domain registrar BookMyName detected a security incident on 5 May 2026 in which an attacker exploited a vulnerability to fraudulently alter domain contact data, exposing logins, names, emails, phone numbers and postal addresses of some customers.
- Victim
- BookMyName
On 5 May 2026, BookMyName β a French domain registrar and DNS/hosting provider β detected a security incident and temporarily suspended all of its services to secure its infrastructure and investigate. The company notified a subset of affected customers by email.
According to BookMyName, an unauthorized third party exploited a vulnerability that allowed the fraudulent modification of certain contact data associated with domain names. The provider stated that no passwords were compromised, no payment methods were affected, no domain ownership transfers were detected, and there was no loss of domain availability.
The exposed data linked to affected domains included:
- Login identifiers
- First and last names
- Company name (where applicable)
- Email addresses
- Phone numbers
- Postal addresses
The company warned that the exposed information could be abused for the fraudulent alteration of WHOIS/contact records, as well as for targeted phishing, identity theft, attacks on linked accounts, and reconnaissance. BookMyName advised affected customers to remain vigilant about suspicious communications relating to their domains. No specific count of affected customers or domains was disclosed. The incident appears contained, with services restored after the infrastructure was secured.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/bookmyname-une-cyberattaque-a-compromis-des-donnees-liees-a-des-noms-de-domaine/