Major Domain Registrar Exposes Critical Customer Data

Openprovider Hacked

A recent cybersecurity incident involving domain registrar Openprovider has placed millions of domains at risk. The Dutch company mistakenly left over 100GB of sensitive internal and customer data publicly accessible. The leaked data included domain transfer codes, customer identities, and confidential logs.

The exposed information was discovered on April 6th, 2025, by researcher Bob Diachenko and the Cybernews team. It was traced to an open Elasticsearch instance, which allowed anyone to access highly detailed operational data. Openprovider secured the server the following day and later confirmed the data had been exposed for approximately three months.
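The root cause described above is an Elasticsearch node reachable from the network with no authentication on its REST API. The following audit script is an added example, not code from Openprovider, Cybernews or the researchers; it reads the flat key/value lines of an elasticsearch.yml and classifies the exposure. It assumes an Elasticsearch 7.x node, where `xpack.security.enabled` defaults to false (so an absent key counts as disabled), and the two configs it checks are constructed for illustration.

```python
"""Classify an elasticsearch.yml for the 'open Elasticsearch' exposure pattern.

Added example (not Openprovider's code). Assumption: Elasticsearch 7.x defaults,
where security is off unless xpack.security.enabled is explicitly true.
"""

# Values of network.host that keep the node on the local machine only.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_flat_yaml(text: str) -> dict:
    """Minimal parser for the 'key: value' lines elasticsearch.yml normally uses.
    Comments and blank lines are skipped; nested YAML is not supported (assumption)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def _is_true(settings: dict, key: str) -> bool:
    return settings.get(key, "false").strip().lower() == "true"


def classify_exposure(config_text: str) -> tuple:
    """Return (severity, reasons) where severity is 'critical', 'warning' or 'ok'."""
    s = parse_flat_yaml(config_text)
    host = s.get("network.host", "_local_")          # ES default: loopback only
    reachable = host not in LOOPBACK_HOSTS            # 0.0.0.0, _site_, _global_, a LAN IP ...
    auth_on = _is_true(s, "xpack.security.enabled")
    tls_on = _is_true(s, "xpack.security.http.ssl.enabled")

    reasons = []
    if reachable and not auth_on:
        reasons.append(f"network.host={host} is reachable from the network and "
                       "xpack.security.enabled is false/absent: every index is readable by anyone")
        return "critical", reasons
    if reachable and not tls_on:
        reasons.append("authentication is on but HTTP TLS is off: credentials cross the network in clear text")
        return "warning", reasons
    return "ok", reasons


# Constructed sample configs (not Openprovider's real configuration).
OPEN_CONFIG = """
cluster.name: registrar-logs
network.host: 0.0.0.0
http.port: 9200
# security never enabled
"""

HARDENED_CONFIG = """
cluster.name: registrar-logs
network.host: _site_
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("open", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        severity, reasons = classify_exposure(cfg)
        print(f"{name}: {severity}", *reasons, sep="\n  ")
```

Binding to a site-local interface with security and TLS enabled is the minimum; a node that must be reachable at all should also sit behind a firewall or VPN that limits port 9200 to the hosts that need it.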

Leaked Data Included Transfer Codes and Privacy-Protected Details

The incident revealed critical metadata such as usernames, reseller IDs, and even WHOIS-protected contact details. In some cases, names, phone numbers, and emails were exposed, even though the customers were paying for domain privacy services.

One of the most dangerous elements leaked was the authCode, a password-like token that authorizes transferring a domain to another registrar. With it, attackers could hijack domain names, redirect traffic, and conduct phishing campaigns.

The Elasticsearch server included over 164GB of data, with indices logging registration activity, backend architecture, and system design. Sensitive sectors, like finance, could be targeted by analyzing how domains were set up and linked across clients.

Security Response and Ongoing Risks

Openprovider acknowledged the misconfiguration and activated its incident response protocol. Affected clients are to be notified via upcoming communications. The company also intends to implement tighter internal controls and may introduce a bug bounty program to avoid future issues.

Cybersecurity experts recommend immediate steps for customers: rotate credentials, monitor domain activity, and remain alert for phishing attempts. Users relying on WHOIS privacy should be aware that their anonymity may have been compromised.
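The recommendation to monitor domain activity can be put into a repeatable check. The script below is an added example, not part of the article or of Openprovider's tooling: it reads RDAP domain records (the JSON shape of RFC 9083) and flags domains that lack a registrar transfer lock, have a transfer pending, or show a transfer event inside the exposure window. Status strings follow the EPP-to-RDAP mapping of RFC 8056 (`clientTransferProhibited` becomes `"client transfer prohibited"`). The three RDAP responses are constructed, not real lookups, and the `since` date is an assumption based on the article's "approximately three months" before April 6th, 2025.

```python
"""Flag domains exposed to authCode misuse using RDAP domain records.

Added example (not from the article). RDAP status values per RFC 8056;
sample responses below are constructed, not real registry data.
"""
import json

TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
RECOMMENDED_LOCKS = {"client delete prohibited", "client update prohibited"}

# Assumption: start of the exposure window (~3 months before April 6th, 2025).
EXPOSURE_SINCE = "2025-01-01"


def lock_report(rdap_json: str, since: str = EXPOSURE_SINCE) -> dict:
    """Summarize one RDAP domain response. Dates are compared on their
    YYYY-MM-DD prefix, which is safe for the ISO 8601 strings RDAP uses."""
    doc = json.loads(rdap_json)
    status = {s.lower() for s in doc.get("status", [])}
    recent_transfer = any(
        ev.get("eventAction") == "transfer" and ev.get("eventDate", "")[:10] >= since
        for ev in doc.get("events", [])
    )
    return {
        "domain": doc.get("ldhName", "?").lower(),
        "transfer_locked": bool(status & TRANSFER_LOCKS),
        "missing_recommended": sorted(RECOMMENDED_LOCKS - status),
        "pending_transfer": "pending transfer" in status,
        "recent_transfer": recent_transfer,
    }


def needs_attention(reports: list) -> list:
    """Domains an owner should act on: unlocked, mid-transfer, or recently moved."""
    return [r["domain"] for r in reports
            if not r["transfer_locked"] or r["pending_transfer"] or r["recent_transfer"]]


# Constructed RDAP responses (illustrative only).
SAMPLE_RDAP = [
    json.dumps({
        "ldhName": "example-locked.test",
        "status": ["client transfer prohibited", "client delete prohibited",
                   "client update prohibited"],
        "events": [{"eventAction": "registration", "eventDate": "2019-05-02T00:00:00Z"}],
    }),
    json.dumps({
        "ldhName": "example-unlocked.test",
        "status": ["active"],
        "events": [{"eventAction": "registration", "eventDate": "2018-11-20T00:00:00Z"},
                   {"eventAction": "transfer", "eventDate": "2025-03-15T10:22:00Z"}],
    }),
    json.dumps({
        "ldhName": "example-pending.test",
        "status": ["pending transfer"],
        "events": [{"eventAction": "registration", "eventDate": "2021-01-09T00:00:00Z"}],
    }),
]

if __name__ == "__main__":
    reports = [lock_report(r) for r in SAMPLE_RDAP]
    for r in reports:
        print(r)
    print("needs attention:", needs_attention(reports))
```

A transfer lock does not make a leaked authCode harmless, but it forces the attacker through the registrar's unlock step, which is logged and usually requires the account holder; rotating the authCode at the registrar closes the gap entirely.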

This breach serves as a warning to all organizations managing sensitive infrastructure. Misconfigured systems, even when unintentional, can lead to massive operational and reputational damage.
