25 LLLL.COM domains was stolen.

[aaron123]

25 LLLL.COM domains was stolen.

The domains were transferred out of my GoDaddy account and were moved to a namesilo.com and 22.cn.

The following list of domains was stolen and is currently in the process of being reclaimed:

CJQP.COM
GKJM.COM
JHGS.COM
KBXM.COM
KGRQ.COM
KQLD.COM
KQMP.COM
KRNX.COM
KRPZ.COM
KSWN.COM
KWMZ.COM
KXDP.COM
KZGF.COM
KZTQ.COM
MTYN.COM
RZJB.COM
SXDF.COM
DRQW.COM
RQCQ.COM
PQKT.COM
QFPW.COM
GYLZ.COM
GGYL.COM
GYLG.COM
GYLN.COM

Please don't buy those domains.

 

[Chetan]

I have receive email update When My Admin Contact was updated.But I was sleeping at that time.At that time we were here at 1 a.m.

Domains Automatically enters 60 days lock on Godaddy once admin contact is updated.
Not sure that how the thiefs were able to transfer out of godaddy

 

[aaron123]

Domains Automatically enters 60 days lock on Godaddy once admin contact is updated.
Not sure that how the thiefs were able to transfer out of godaddy

The hacker only update Admin email.I think this is a System vulnerabilities.

 

[aaron123]

It seems that the change of the mail address is not locked on godaddy.I think this is a System vulnerabilities.

 

[Chetan]

The hacker only update Admin email.I think this is a System vulnerabilities.

Please point this out to godaddy, this is not done at all. @Joe Styler please help sorting this thing.
Here in India, despite of having two level authentication, email does not arrive to my mobile ever.
I am planning to move out completely to Uniregistry if this is the same with godaddy

 

[ulterios]

Is it safe to use iOS (on ipad, macbook, iphone) instead of windows? Someone tell me there are no virus/ malware/ spyware on iOS?

iOS has the same issues. Sometimes worse.

 

[NameOmnia]

I am really sorry to hear that, at least the names moved to @namesilo should be easy to recover.

There are a few things I do not fully understand :

- if you change email address the name gets locked ( at least that's what I have always understood )
- did you get in contact with GD as soon as you woke up? What did they say?
- it takes up to 5-7 days to transfer names out how did yours get transferred instantaneously?
- have you ever clicked on any suspicious email from GD? Did you work out how they got access?

Please @Joe Styler enlighten us.

 

[forge]

Nope, if you change only the email address this will not trigger the 60-day lock.

And you can expedite transfers out from GoDaddy which takes just minutes.

 

[Chetan]

Nope, if you change only the email address this will not trigger the 60-day lock.

Is this to promote domain theft ?

 

[NameOmnia]

Nope, if you change only the email address this will not trigger the 60-day lock.

And you can expedite transfers out from GoDaddy which takes just minutes.

So Godaddy is one of those registrars that still allow to expedite transfers...Maybe it's time to make a change to this? NameCheap seems to become a better alternative every day more..

 

[ulterios]

So Godaddy is one of those registrars that still allow to expedite transfers.

Yes they do. It's good if you don't want to take days to transfer/sell/etc a name, but bad for security. It's a trade off but most people are very impatient and don't want to wait days.

I transferred a domain a couple of days ago away from GD and it took about 20-30 mins to complete.

 

[aaron123]

Nope, if you change only the email address this will not trigger the 60-day lock.

And you can expedite transfers out from GoDaddy which takes just minutes.

I think this is a system vulnerability.

 

[yogiDomain]

@Joe Styler will surely help here. If nothing works out. File a dispute. This domains are worth 30k so u need to figure out something.
Keep all the documents mails ready.

 

[Joe Styler]

I reached out to Aaron via PM. We do allow expedited transfers many people like this, especially domainers who want to get a sale taken care of quickly so they can get paid sooner and before the buyer changes their mind. We do offer two factor authentication which I personally use and recommend everyone else use to keep their domains safe. Almost every time when I see names stolen two factor would have prevented it. We looked at the google app to do 2fa overseas but decided against it because we wanted to build something ourselves that we felt was a more secure option. I am not saying Google is not secure, I won't go into all the things we looked at but we looked long and hard at many options and picked the one we think is most secure for our customers. We have an expert team that helps with recovering stolen domains and they have been very successful in the past and I hope they will be in this case as well. Whenever someone loses a domain we all feel it, everyone knows how important a domain name or in this case many domains are to your business and that is extremely important to us and we will do everything we can to help. Recovering names that move overseas is not a quick process but we stay at it. I think coming out to let people know publicly is the right thing so that people will not buy the domains.

 

[aaron123]

I reached out to Aaron via PM. We do allow expedited transfers many people like this, especially domainers who want to get a sale taken care of quickly so they can get paid sooner and before the buyer changes their mind. We do offer two factor authentication which I personally use and recommend everyone else use to keep their domains safe. Almost every time when I see names stolen two factor would have prevented it. We looked at the google app to do 2fa overseas but decided against it because we wanted to build something ourselves that we felt was a more secure option. I am not saying Google is not secure, I won't go into all the things we looked at but we looked long and hard at many options and picked the one we think is most secure for our customers. We have an expert team that helps with recovering stolen domains and they have been very successful in the past and I hope they will be in this case as well. Whenever someone loses a domain we all feel it, everyone knows how important a domain name or in this case many domains are to your business and that is extremely important to us and we will do everything we can to help. Recovering names that move overseas is not a quick process but we stay at it. I think coming out to let people know publicly is the right thing so that people will not buy the domains.

I used two factor authentication a month ago. but because every time I want to log in GoDaddy I will not receive text messages. So I just canceled two factor authentication no long ago.
In my country, we often do not receive the verification code.

 

[Chetan]

I used two factor authentication a month ago. but because every time I want to log in GoDaddy I will not receive text messages. So I just canceled two factor authentication no long ago.
In my country, we often do not receive the verification code.

In India there is the same problem

 

[Chirag]

Its not the problem of India, many people face these delays.

Actually thr is too much delay in receiving the code, sometimes I have received the code with 10 hrs delay.

 

[NameOmnia]

Almost every time when I see names stolen two factor would have prevented it

Is it now available worldwide or in the US only?
Thanks

 

[ulterios]

Is it now available worldwide or in the US only?
Thanks

I don't know if it's worldwide, but it is in many new countries now.

 

[Joe Styler]

Its not the problem of India, many people face these delays.

Actually thr is too much delay in receiving the code, sometimes I have received the code with 10 hrs delay.

That is unbelievable. If that happens again reach out to me when it is happening, or Chat on our site if I am not online here and let us investigate it right away so we can trace it. That should not be happening.

 

[NameOmnia]

I don't know if it's worldwide, but it is in many new countries now.

Thanks Ulty.
Where do I check to find it if I have it?

 

[ulterios]

Many times the delays are not caused by the GoDaddy system but the mobile carriers themselves. I had this same issue a while back and it turned out to be the mobile carrier.

 

[ulterios]

Thanks Ulty.
Where do I check to find it if I have it?

I'm not sure but I think I saw somewhere that it's available for your location.

Here's their link but it doesn't say the countries: https://www.godaddy.com/help/enable-two-factor-authentication-7502

 

[ulterios]

Thanks Ulty.
Where do I check to find it if I have it?

They are supposed to have it in 185 countries now (unless they added more) so you should have it.

 

[MasterOfMyDomains]

ENABLE TWO-FACTOR AUTHENTICATION
You can protect your account by using 2-Step Authentication. With it, you have to enter a code we text you whenever you log in to your GoDaddy account.

With 2-Step Authentication enabled, you have to enter the code every time you log in. If you log in frequently or have multiple users accessing your account, we do not recommend using 2-Step Authentication.
--------------------------------------------------------------------------------------------------------------------------------------------
From Goodaddy^^

I am going to add 2 step right now and see how long the code takes to get to me. And i login alot 20-30 times a day maybe, even though its not reccommended

-------------------------------------------------------------------------------------------------------------------------------------------

I set it up and the first text came instantly. I proceeded to log out then in 5 times and each time it would come to the code page I would receive the text in seconds. Working well in Canada, I am a 2 step man forever now

 

[Yousaf Saeed]

In shallah you'll get your domains back... Clean your PC & switch to a safer operating system.