A recent message from CentralNic Reseller addressed to its customers reveals that the company has observed “activity outside our operational systems that we are investigating” and is taking precautionary measures. The announcement states that while there is no confirmed impact on operational systems or customer data, the reseller will rotate all domain authorisation (auth) codes across its platform. No immediate action is required unless the customer uses locally stored auth codes.

What the notice says
- The notice informs customers that domains managed via CentralNic Reseller will automatically receive new, unique auth codes.
- If customers store the auth codes locally (for example in internal systems or tools), they are asked to refresh their stored data.
- If they do not store any codes locally, no action is required on their side.
- A contact email and phone number are provided for support.
- The measure is described as “controlled” and as an “abundance of caution.”

Why this matters
Auth codes (also called authorisation codes or EPP transfer codes) are a critical security control for domain names. They authenticate domain transfer requests, ensuring that only authorised parties can move a domain to another registrar. For many top-level domains (TLDs) handled by resellers like CentralNic, the auth-code interface is standard.
When a registrar or reseller rotates or revokes auth codes because of suspicious activity, it signals a potential risk: malicious actors may be seeking to gain control of domains by acquiring valid auth codes or exploiting existing credentials. For a hosting company that uses domain names for client websites, email services or infrastructure, losing control of a domain can lead to:
- Domain hijacking or unauthorised transfers
- Service disruption (websites down, email failover issues)
- Brand or reputation damage (if a domain is redirected to a malicious site)
- Loss of trust from customers

Similar incidents & industry context
There have been documented cases where registrars or resellers experienced security incidents that affected domain control. For example, on a public forum one user described how a failure in renewal or registrar mismanagement led to a large company losing its domain and suffering major revenue and brand impact.
Though the CentralNic message does not state that a breach has occurred, the fact that precautionary auth-code rotation is being enacted suggests the company is reacting to a credible risk rather than a routine update.

What hosting providers & end-users need to know
For hosting providers and their end customers (companies using hosting services through resellers like CentralNic’s channel), there are a few implications:
- Hosting providers relying on domains managed by the reseller must verify that domain records, transfers, and auth-code procedures remain secure and monitored.
- End-users (the customers of hosting companies) should ask or check whether their domains are managed via a reseller that implements timely security responses like this rotation, and whether they have full visibility into their domain settings.
- If you store auth codes in internal systems (for example to facilitate emergency domain transfers or registrar changes), you must update or validate the newly assigned codes to avoid being locked out or blocked by the registrar change.
- Consider verifying domain registration owner contacts, enabling 2FA on registrar/change control accounts, and monitoring for unusual transfer/lock status changes.
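
One way to act on the monitoring advice above, as an added example that is not part of the original post or of CentralNic's tooling: a Python check that compares an earlier and a later RDAP record for a domain and reports a removed transfer lock, a pending transfer, or a changed registrar. The snapshots are constructed sample data in RDAP JSON form; `example.com`, the registrar names and the handle are placeholders.

```python
# Added example: diff two RDAP domain snapshots for transfer-related changes.
# All data below is constructed; domain and registrar names are placeholders.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}


def registrar_of(rdap):
    """Return the display name (or handle) of the entity with the registrar role."""
    for ent in rdap.get("entities", []):
        if "registrar" in ent.get("roles", []):
            # jCard layout: ["vcard", [[name, params, type, value], ...]]
            for prop in ent.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
            return ent.get("handle")
    return None


def transfer_alerts(old, new):
    """Compare an earlier and a later RDAP domain object; return alert strings."""
    alerts = []
    old_st = {s.lower() for s in old.get("status", [])}
    new_st = {s.lower() for s in new.get("status", [])}
    for lock in sorted(TRANSFER_LOCKS & (old_st - new_st)):
        alerts.append(f"lock removed: {lock}")
    if "pending transfer" in new_st - old_st:
        alerts.append("transfer in progress: pending transfer")
    if registrar_of(old) != registrar_of(new):
        alerts.append(f"registrar changed: {registrar_of(old)} -> {registrar_of(new)}")
    return alerts


def snapshot(status, registrar):
    """Build a constructed RDAP-style domain object for the demo."""
    return {
        "ldhName": "example.com",
        "status": status,
        "entities": [{"roles": ["registrar"], "handle": "PLACEHOLDER-1",
                      "vcardArray": ["vcard", [["fn", {}, "text", registrar]]]}],
    }


BASELINE = snapshot(["active", "client transfer prohibited"], "Registrar A")
UNLOCKED = snapshot(["active", "pending transfer"], "Registrar A")
MOVED = snapshot(["active"], "Registrar B")

if __name__ == "__main__":
    for label, snap in (("unlocked", UNLOCKED), ("moved", MOVED)):
        for alert in transfer_alerts(BASELINE, snap):
            print(f"example.com [{label}]: {alert}")
```
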
The CentralNic Reseller notice is a strong reminder: domain management infrastructure and transfer controls are part of the security posture of any hosting or web service provider. While websites and servers often get the bulk of attention, domains and their authorisation codes are equally critical — if exploited, they can serve as the weak link that undermines everything built on top of them. Acting early, maintaining visibility, and verifying controls is key.
Kamil Kołosowski
Author of this post.