We want to share a short update regarding the defacement of Rapid7.com and Metasploit.com last week. A malicious 3rd party, claiming to be KDMS, changed the DNS settings with our domain registrar, Register.com.
We have heard from Register.com that the attacker did NOT use a spoofed change request fax as originally and unintentionally communicated by Register.com. It’s more likely the attackers used other social engineering techniques, resulting in compromised credentials of a Register.com employee.
We’re waiting for the incident report from Register.com and will share more details when we have them so that we can all learn from the incident.