Domain registrar Openprovider accidently leaked transfer codes and customer data
A cybersecurity researcher who owns Security Discovery and Cybernews discovered a publicly elasticsearch instance containing 164 GB data related to the domain registrar Openprovider. The data leak includes domain transfer authorization codes, customer data including domain registrant’s information and email addresses. The registrar later fixed the issues. Cybernews stated that the data was publicly available for over three months on the internet. Openprovider failed to informed their customers but when the security portal published the news about data leak then Openprovider emailed their customers.
If your domain names were not having transfer-lock, then the hacker could easily transfer domains out from Openprovider to any other registrar and take hold of your domain.
Always put a domain-lock on your domains. Most domain registrars like The Online offer free domain lock, 2FA, and other security features that help your domain name stay secure in your own hands.