TLD’s affected by CentralNic Registry authCode reset

CentralNic Registry was recently informed of a security issue with one of its third-party vendors. There’s no evidence of a compromise or any unauthorised access however there is a risk that domain authCode’s have been leaked.

A domain auth code can be used to steal a domain from you.

Any domain owners of the following TLD’s are advised to reset the authCode for their domain.

Some registrar’s are batch voiding and regenerating auth codes for affected domains but not all.

Affected TLD’s

gTLDs

• .art
• .bar
• .basketball
• .best
• .college
• .ceo
• .design
• .fans
• .feedback
• .frl
• .fun
• .gent
• .host
• .icu
• .ink
• .love
• .observer
• .online
• .ooo
• .press
• .protection
• .realty
• .reit
• .rent
• .rest
• .security
• .site
• .space
• .storage
• .store
• .tech
• .theatre
• .tickets
• .website
• .wiki
• .xyz

Official ccTLDs

• .bh, Bahrain
• .fm, Federated States of Micronesia
• .fo, Faroe Islands
• .gd, Grenada
• .gl, Greenland
• .la, Laos; also borrowed for Los Angeles
• .pw, Palau
• .sk, Slovakia
• .vg, British Virgin Islands

Unofficial ccTLDs

• .ae.org, for United Arab Emirates
• .ar.com, Argentina
• .br.com, Brazil
• .cn.com, China
• .com.de, Germany
• .de.com, Germany
• .eu.com, European Union
• .gb.com, Great Britain
• .gb.net, Great Britain
• .gr.com, Greece
• .hu.com, Hungary
• .jpn.com, Japan
• .jp.net, Japan
• .kr.com, Korea
• .no.com, Norway
• .qc.com, Quebec
• .ru.com, Russia
• .sa.com, Saudi Arabia
• .se.com, Sweden
• .se.net, Sweden
• .uk.com, United Kingdom
• .uk.net, United Kingdom
• .us.com: United States
• .us.org: United States
• .uy.com, Uruguay
• .za.com, South Africa

Any domain owners of these TLD’s are advised to reset the authCode for that domain.