4 LLLL.COM Domains Was Stolen on GoDaddy

[netklick]

Four of my LLLL.com domains was stolen and transferred to 22.cn.

The following are the domains. I am in discussion with GoDaddy and I hope to reclaim my domain names.

1) RLYN.COM
2) BMRD.COM
3) RDBY.COM
4) LLCY.COM

I am posting here so you won't buy these domain names. Also I am posting here to get public support in fighting domain theft. It is 2015 and NO ONE should be allowed to run away with digital assets like this. If GoDaddy has the right security measures in place, they would know that the IP logged into transfer the domain name couldn't have remotely matched my IP (nor country most likely).

Whoever took it used Password recovery to gain access to my GD account. Not sure how because they never had access to my email account and that they could not have known my GD account id. So I am puzzled how this could have happened.

Once they gained access to my account, they pushed the domains to another GD account. Then from there on, it seems like they transferred to 22.cn. Isn't there a 60 day hold on account changes?

Please secure your domains, especially if you have LLLL dot coms that are of high value. Please help me get my domain back by talking about this. Like I said, its 2015 and this should not happen. Thank you.

 

[GravityEleven]

You had your domains registered at GoDaddy and then you didn't even use their recently implemented 2 factor authentication? Sorry, but that theft was avoidable, good luck still in recovering them!

just reach out to GoDaddy Rep @JoeStyler here at Namepros for the next steps

 

[NameOmnia]

Thanks for sharing and I wish you to get your names back.
Once again we see things happening with GD and not with other registrars...I would suggest those who own domains like yours to transfer out to a more secure one.

 

[MasterOfMyDomains]

Added to my signature.
After today, all my names are renewed at namesilo.
I use 2 factor for both namesilo and godaddy. Ya getting a text is such a pain.. not faulting you.
You will get your names back, godaddy should be getting good at this kind of incident as its happening alot. And account id is easy to obtain, anytime you transfer a name at godaddy to/from someone you need account info. Try not to worry to much and we'll get the word out for you

 

[avp]

You had your domains registered at GoDaddy and then you didn't even use their recently implemented 2 factor authentication? Sorry, but that theft was avoidable, good luck still in recovering them!

just reach out to GoDaddy Rep @JoeStyler here at Namepros for the next steps

Contrary to popular belief, not everyone has a mobile phone. Without one, you are unable to use the 2 factor authentication functionality offered by GoDaddy.

 

[bluebox]

After so many incidents like that - why don't they implement some basic security like:
if account is always accessed from let's say France and suddenly you have someone logging in from China/USA/whatever and that person tries to move/transfer any name or even change email they should put account on lockdown and send SMS/email with unlock code.

OR - provide 2 levels of security: 2FA for logging in and for transfers. I could disable the first one but still have the second.

 

[Theydon]

Good luck

 

[netklick]

Thank you so much for all the support and help I am getting from fellow domainers. I really appreciate it. I also appreciate the help I am getting from @Joe Styler

I've reached out to several bloggers and media outlets to let them know. I would appreciate if any of you can point me in the right direction to get some results.

I want to do this so other people can also be aware of what is happening and protect their domains. Thanks again.

 

[netklick]

I want to thank domaingang.com for getting my story out so quickly. It seems like they posted it within minutes from my email to them. Thank you!

http://domaingang.com/domain-crime/cybercrime-report-four-llll-com-domains-reported-as-stolen/

 

[winst]

Besides 2 factors, always reply price inquiries using different email addresses such as Yahoo or Hotmail. Too many phishing going on.

 

[mirul]

2FA is a must IMHO, especially for premium domain owner...

 

[Joe Styler]

We are working on the names on our side. I do agree that 2FA is very important. I also posted a blog article here on Namepros with best practices for keeping your domains secure.

https://www.namepros.com/blog/how-safe-are-your-domain-names.887391/page-2#post-5099753

I really feel sorry for anyone who loses even one domain to a thief. It is a horrible thing to happen and my heart really goes out to anyone who has a domain name stolen.

 

[Adriaanh]

I am impressed with goDaddy phone support, you are required to put in your pin before they answer your call. I just enabled 2way auth, thanks for the post. I think they must enable it by default, this problem will only get worse ...its not rob a bank anymore, it is rob a registar

 

[netklick]

Thank you for all of the messages and support again.

It seems like all of the domains are gone to ename and have been auctioned. 2 of them seems to have been sold already and BMRD.COM and RDBY.COM is still on the market.

http://www.ename.com/auction/domain/67753847/14500

http://www.ename.com/auction/domain/67756233/13988

How can one stop this? I did a quick translations and it had a violation/report section for the auction. So i sent the domaingang article. I hope ename will comply and return all of my names to GoDaddy.

Let me know if anyone know more about ename auction and how we can at least stop BMRD.COm auction. It is probably the one that is listed for longer.

 

[netklick]

Thank you @fadn for contacting ename about the auction and getting me an email address to email them with some proof.

ename responded with the following directly to me:
----- beginning of message ----
Hello,

Thank you for contacting eName service.

The domains:RYLN.COM, BMRD.COM, RDBY.COM, LLCY.COM have transacted to other registrants after transferring to eName. Now we have contacted the current registrants and temporarily lock the domains. The auction has been stopped.

We are still contacting the transaction related customers. But the domains have been transacted and the sellers’ money have been spent. If we were to transfer the domains back to you, will you refund the expenses of the related customers?

Best regards,

----- end of message ---

I hope they will work with GoDaddy to reverse all of this.

From this email, I am not sure if they are suggesting I buy my own domains back??? or to pay for transaction fees? Should I not respond and let GoDaddy handle this through formal process? Love to hear your thoughts.

Thank you so much for all the support again. You guys been great!

 

[canswift]

Could someone from GoDaddy share with us how someone can push these names to another GD account, and then transfer them out immediately?? Isn't that when the 60-day transfer lock is supposed to kick in, for precisely this reason?

 

[Shams]

Could someone from GoDaddy share with us how someone can push these names to another GD account, and then transfer them out immediately?? Isn't that when the 60-day transfer lock is supposed to kick in, for precisely this reason?

Yes you can transfer domains immediately. only if you Push the domains to another account without changing the contact information. Domain lock only implement when domain contact info change.

 

[canswift]

Yes you can transfer domains immediately. only if you Push the domains to another account without changing the contact information. Domain lock only implement when domain contact info change.

I understand that. The OP said that after the domains were moved into another GoDaddy account they were quickly transferred out to another registrar. With a 60-day GD lock, they shouldn't have been able to be transferred out of GD so quickly. So, I would still like to hear from GD as to how this could happen.

 

[SlimPickins]

shams just explained it canbrit... the "60 day lock" only goes into effect after changes to the REGISTRANT Name or Organization (note, NOT the email address or Admin info at all), REGARDLESS of whether it stays in the same account or moves to another account. The big ouch in that is when someone simply moves the domains to another account without updating the info, which Godaddy seems to make pretty easy to do since with every push we are given the option to keep current contact info, use destination account contact info or enter new details.... so one doesn't have to jump through any tricky hoops to move a domain without updating the info and avoid the 60 day lock.....

here is a good overview of this issue: http://domainnamewire.com/2011/05/13/how-to-avoid-go-daddys-60-day-lock-for-whois-changes/

 

[krx]

shams just explained it canbrit... the "60 day lock" only goes into effect after changes to the REGISTRANT Name or Organization (note, NOT the email address or Admin info at all), REGARDLESS of whether it stays in the same account or moves to another account. The big ouch in that is when someone simply moves the domains to another account without updating the info, which Godaddy seems to make pretty easy to do since with every push we are given the option to keep current contact info, use destination account contact info or enter new details.... so one doesn't have to jump through any tricky hoops to move a domain without updating the info and avoid the 60 day lock.....

here is a good overview of this issue: http://domainnamewire.com/2011/05/13/how-to-avoid-go-daddys-60-day-lock-for-whois-changes/

This is a critical oversight in GD's security system. There MUST be a security step introduced for pushes that keep Registrant/Organization info the same, if this will allow immediate transfer.