4 LLLL.COM Domains Was Stolen on GoDaddy

Four of my LLLL.com domains was stolen and transferred to 22.cn.

The following are the domains. I am in discussion with GoDaddy and I hope to reclaim my domain names.

1) RLYN.COM
2) BMRD.COM
3) RDBY.COM
4) LLCY.COM

I am posting here so you won't buy these domain names. Also I am posting here to get public support in fighting domain theft. It is 2015 and NO ONE should be allowed to run away with digital assets like this. If GoDaddy has the right security measures in place, they would know that the IP logged into transfer the domain name couldn't have remotely matched my IP (nor country most likely).

Whoever took it used Password recovery to gain access to my GD account. Not sure how because they never had access to my email account and that they could not have known my GD account id. So I am puzzled how this could have happened.

Once they gained access to my account, they pushed the domains to another GD account. Then from there on, it seems like they transferred to 22.cn. Isn't there a 60 day hold on account changes?

Please secure your domains, especially if you have LLLL dot coms that are of high value. Please help me get my domain back by talking about this. Like I said, its 2015 and this should not happen. Thank you.

 

You had your domains registered at GoDaddy and then you didn't even use their recently implemented 2 factor authentication? Sorry, but that theft was avoidable, good luck still in recovering them!

just reach out to GoDaddy Rep @JoeStyler here at Namepros for the next steps

 

Thanks for sharing and I wish you to get your names back.
Once again we see things happening with GD and not with other registrars...I would suggest those who own domains like yours to transfer out to a more secure one.

 

Added to my signature.
After today, all my names are renewed at namesilo.
I use 2 factor for both namesilo and godaddy. Ya getting a text is such a pain.. not faulting you.
You will get your names back, godaddy should be getting good at this kind of incident as its happening alot. And account id is easy to obtain, anytime you transfer a name at godaddy to/from someone you need account info. Try not to worry to much and we'll get the word out for you

 

Contrary to popular belief, not everyone has a mobile phone. Without one, you are unable to use the 2 factor authentication functionality offered by GoDaddy.

 

After so many incidents like that - why don't they implement some basic security like:
if account is always accessed from let's say France and suddenly you have someone logging in from China/USA/whatever and that person tries to move/transfer any name or even change email they should put account on lockdown and send SMS/email with unlock code.

OR - provide 2 levels of security: 2FA for logging in and for transfers. I could disable the first one but still have the second.

 

Good luck

 

Thank you so much for all the support and help I am getting from fellow domainers. I really appreciate it. I also appreciate the help I am getting from @Joe Styler

I've reached out to several bloggers and media outlets to let them know. I would appreciate if any of you can point me in the right direction to get some results.

I want to do this so other people can also be aware of what is happening and protect their domains. Thanks again.

 

I want to thank domaingang.com for getting my story out so quickly. It seems like they posted it within minutes from my email to them. Thank you!

http://domaingang.com/domain-crime/cybercrime-report-four-llll-com-domains-reported-as-stolen/

 

Besides 2 factors, always reply price inquiries using different email addresses such as Yahoo or Hotmail. Too many phishing going on.

 

2FA is a must IMHO, especially for premium domain owner...

 

We are working on the names on our side. I do agree that 2FA is very important. I also posted a blog article here on Namepros with best practices for keeping your domains secure.

https://www.namepros.com/blog/how-safe-are-your-domain-names.887391/page-2#post-5099753

I really feel sorry for anyone who loses even one domain to a thief. It is a horrible thing to happen and my heart really goes out to anyone who has a domain name stolen.

 

I am impressed with goDaddy phone support, you are required to put in your pin before they answer your call. I just enabled 2way auth, thanks for the post. I think they must enable it by default, this problem will only get worse ...its not rob a bank anymore, it is rob a registar

 

Thank you for all of the messages and support again.

It seems like all of the domains are gone to ename and have been auctioned. 2 of them seems to have been sold already and BMRD.COM and RDBY.COM is still on the market.

http://www.ename.com/auction/domain/67753847/14500

http://www.ename.com/auction/domain/67756233/13988

How can one stop this? I did a quick translations and it had a violation/report section for the auction. So i sent the domaingang article. I hope ename will comply and return all of my names to GoDaddy.

Let me know if anyone know more about ename auction and how we can at least stop BMRD.COm auction. It is probably the one that is listed for longer.

 

Thank you @fadn for contacting ename about the auction and getting me an email address to email them with some proof.

ename responded with the following directly to me:
----- beginning of message ----
Hello,

Thank you for contacting eName service.

The domains:RYLN.COM, BMRD.COM, RDBY.COM, LLCY.COM have transacted to other registrants after transferring to eName. Now we have contacted the current registrants and temporarily lock the domains. The auction has been stopped.

We are still contacting the transaction related customers. But the domains have been transacted and the sellers’ money have been spent. If we were to transfer the domains back to you, will you refund the expenses of the related customers?

Best regards,

----- end of message ---

I hope they will work with GoDaddy to reverse all of this.

From this email, I am not sure if they are suggesting I buy my own domains back??? or to pay for transaction fees? Should I not respond and let GoDaddy handle this through formal process? Love to hear your thoughts.

Thank you so much for all the support again. You guys been great!

 

Could someone from GoDaddy share with us how someone can push these names to another GD account, and then transfer them out immediately?? Isn't that when the 60-day transfer lock is supposed to kick in, for precisely this reason?

 

Yes you can transfer domains immediately. only if you Push the domains to another account without changing the contact information. Domain lock only implement when domain contact info change.

 

I understand that. The OP said that after the domains were moved into another GoDaddy account they were quickly transferred out to another registrar. With a 60-day GD lock, they shouldn't have been able to be transferred out of GD so quickly. So, I would still like to hear from GD as to how this could happen.

 

shams just explained it canbrit... the "60 day lock" only goes into effect after changes to the REGISTRANT Name or Organization (note, NOT the email address or Admin info at all), REGARDLESS of whether it stays in the same account or moves to another account. The big ouch in that is when someone simply moves the domains to another account without updating the info, which Godaddy seems to make pretty easy to do since with every push we are given the option to keep current contact info, use destination account contact info or enter new details.... so one doesn't have to jump through any tricky hoops to move a domain without updating the info and avoid the 60 day lock.....

here is a good overview of this issue: http://domainnamewire.com/2011/05/13/how-to-avoid-go-daddys-60-day-lock-for-whois-changes/

 

This is a critical oversight in GD's security system. There MUST be a security step introduced for pushes that keep Registrant/Organization info the same, if this will allow immediate transfer.

 

Well, thanks for the clear explanation (both of you). I previously had two GD accounts for my company (same registrant info for both accounts). When I consolidated account B into account A, it did trigger the 60-day lock. I must have done something to trigger that lock, but from time on I assumed that any account push or change did trigger the lock.

 

@netklick .. Any updates?

 

Just a quick update. I called GD today to get an update. They are still working on it and is waiting for responses from the other registrar (ename).

I heard back from one person who owns one of the domain. He/she said bought it on ename marketplace. Must have been the one day auction or through another method.

I tried to message all new owners (including through privacy protection) to tell them they are stolen domain. Like I mentioned above, only one got back to me and felt sorry for me. Said ename has a lock on the domain. I hope it is a good sign.

So I am hoping they are all doing the right thing to get my domains back to me.

I am also in the process of filing a report with FBI and RCMP (Canadian version) just so it is in the record.

Thanks for all of your support and advice to me. Truly blessed to be part of this forum.

 

No, GD is already not liked by many domainers for throwing second 60-days when you change owner.
Other registrars do not do it and take business from GD because of that.
It need to be changed too.
If you registered at GD, 60-days rule is fine, but adding any 60-days after is no-no and red flag for business.
I had resellers cancel the deal because of that and some simply refuse to negotiate when hear that domain is at GD.

What needs to be implemented is better security. And good tips were offered in this thread.

1. Make it impossible to retrieve password if request is made from different IP, than usual, especially if it's IP of different country. What are the chances that someone who always operated from Europe, India or USA forgot password and moved to China at the same time? 1 chance in the million. And latest stories about stolen names always go with the same scenario. Account compromised at GD via password recovery - domains pushed to different account - transferred to China - sold at Ename.
GD need to stop it in first place. And Ename is running shady auctions and then asking the legit owner to pay for their own domains is bullsh*t too! They need to give domain back to the owner and make a chargeback from seller's Alipay or whatever they use. It's totally within the power of Ename. Robbing poor guy is just easy choice for them.

2. Second offer for GD is to send confirmation code to the phone every time password reset.

This way even whe someone hacks your email, they can't see the code on the phone.

 

+1

Agreed, this is the best solution IMHO...

Cc @Joe Styler