Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users

The domain of India-based software provider Zoho, one of the largest tech companies in the world, was taken offline today for around two hours after the domain registrar overstepped its attributes and took Zoho.com down following a banale phishing complaint.

The downtime resulted in nearly 30 million Zoho users being unable to access Zoho's website, which hosts a boatload of web-based office tools, such as word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management (CRM), project management, and invoicing applications.

Also: Why hiring more cybersecurity pros may not lead to better security TechRepublic

Following the unexpected takedown, Zoho's IT team said on Twitter that it failed to resolve the issue with the customer support staff of TierraNet, the registrar hosting Zoho's main domain.

Zoho representatives said the TierraNet staff proved unbending in regards to its decision to suspend the Zoho domain. The reason TierraNet gave out was that Zoho failed to resolve issues "after repeated contact requesting them to take action against phishing emails."

According to TierraNet employees, the domain registrar had received repeated complaints that crooks were using Zoho's Mail service --and indirectly the Zoho.com domain-- to send out phishing emails.

This is no surprise as most email providers, large and small, are abused on a daily basis. But in all cases, these issues are left to abuse departments of email providers. Domain registrars are rarely called upon to intervene, and usually in the case of domains associated with smaller sites, not for Forbes 100 companies.

Also: Google secretly logs users into Chrome whenever they log into a Google site

The sudden death of the domain of a multi-million dollar business cause panic at Zoho's offices.

Both staff and CEO Sridhar Vembu took to Twitter to explain the issue to customers and request urgent help in getting in contact with TierraNet's executives regarding the takedown.

Vembu also explained that the entire takedown was ludicrous at best, revealing that Zoho's staff usually handles all phishing-related reports in-house, suspending accounts when it receives any complaints.

Furthermore, he also revealed that the entire domain takedown was unnecessary on TierraNet's part.

"There were a total of 3 complaints in 2 months and we took action on 2 of them immediately and one is pending investigation," the Zoho exec tweeted.

"We run services for tens of millions of users. We receive complaints ourselves and take action. Complaints at a domain registrar level is very rare and this action by them is totally unacceptable when we are the ones with the responsibility," he later added.

Also: Google Chrome pushes the web toward HTTPS CNET

The issue was eventually resolved later in the day, but the damage was done, as a large chunk of Zoho's customers were by then being redirected to a blank page, rather than the Zoho portal.

Changing the domain DNS records back helped some users, but many remained unable to access the site due to incorrect IP addresses being cached on some slower-to-update DNS servers.

In the meantime, Zoho is recommending that any users who can't access the company's site use either Google or Cloudflare's free DNS services, servers that have already been updated and are directing users to the correct IP addresses when trying to access Zoho.com.

Revealing more details on Twitter later in the day, Vembu blamed the entire problem on one of TierraNet's automated abuse report systems.

"Basically an automated system triggered this action and then once a human realized what happened, it was rectified," he said.

In the meantime, TierraNet's bungle has reduced the CEO of one of the largest companies in the world to a tech support representative giving out instructions on how to change DNS servers to angry customers on Twitter.

Glorious will be the day when Sundar Pichai will be helping Google users create subfolders in Gmail.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

Five computer security questions you must be able to answer right now

If you can't answer these basic questions, your security could be at risk.

Critical infrastructure will have to operate if there's malware on it or not

Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.

Ordinary Wi-Fi devices can be used to detect suspicious luggage, bombs, weapons

Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.

Related stories:

• Nasty piece of CSS code crashes and restarts iPhones
• FragmentSmack vulnerability also affects Windows, but Microsoft patched it
• Data breaches affect stock performance in the long run, study finds
• Why the 'fixed' Windows EternalBlue exploit won't die
• AdGuard resets all user passwords after credential stuffing attack
• Twitter notifies users about API bug that shared DMs with wrong devs
• Wendy's faces lawsuit for unlawfully collecting employee fingerprints
• Canadian retailer's servers storing 15 years of user data sold on Craigslist
• US ISP RCN stores customer passwords in cleartex