GoDaddy helped someone hijack my account and steal my domains

[GDiddy]

Last night, as I was working, I started receiving emails from my godaddy account stating that my domains were being unlocked, and transferred. I immediately tried to login to my godaddy account. My email and password were no longer valid on my account. I called Godaddy's support number and explained to them that someone had broken into my account, changed my info, and was transferring domains away as we spoke. The rep told me there was nothing he could do about it, and I'd have to contact WIPO if I wanted my domain names back. In fact, he wouldn't even let me change my domain account info back to my own info. Apparently, his stance is that if someone hacks your account and changes the email and password, that means it now belongs to them, and not you.

Someone is hacking my entire domain account at Godaddy, and I have to contact WIPO? I don't think so. I demanded to speak to a supervisor. The supervisor helped change my email and password back so I could login, but not until after he talked for a half hour, repeating over and over again that he couldn't do it. All the while, domain names were being stolen from my account, one at a time, as I watched the notification emails pouring in telling me how my domains were being unlocked and transferred. Is this not like sitting on the phone with a cop who doesn't want to come out to your business, while someone is loading merchandise out the front door as you speak? Would the cop just tell you to make an insurance claim?

After I was able to login, I noticed that the domains were no longer even present in my domain list, so I could not change my info back on them. The supervisor told me that the domains were transferred to another Godaddy account, so they would immediately disappear from my account. I asked him to transfer my domains back from the hacker's account. He said no. Even though he had the domains at his fingertips, within his own system, he refused to help. It's not like they were transferred to another registrar. The hacker had the guts to use the same registrar to transfer them. I asked him how this hacker was able to enter my account. I wanted to know who called in and pretended to be me, and who the rep was that helped them to steal my account. He told me that one of his own employees (I have his name now) did it. So, his employee at Godaddy aided someone in stealing my entire domain account with dozens of domain names. The supervisor (I have his name too) told me he couldn't do anything about it.

So, a Godaddy employee aids another person in stealing my entire domain account, and godaddy does nothing but protect their employee who performed this honorable deed. They see nothing wrong with what happened, and think that they have no responsibility in the severe security breach of their own employees and their own ridiculous security flaws. I've heard of problems with security at Verisign, but I've never once heard of anything this blatant and ridiculous happening with a registrar. What kind of security does Godaddy have that they let their own employees give away not just your domain names, but your entire domain accounts?

If anyone knows anything about the legality of this situation, I'd appreciate the information. My domain names have been stolen. My domain account was stolen. Godaddy aided the thief. I want those responsible to be prosecuted, big time.

 

[RJ]

Lee, did you miss the part where JB confirmed this happened to one of his clients? Do you also think John is lying because he isn't revealing the domain names?

 

[LeeRyder]

no, I read that (the other domain issue). But, in that case.. (pardon the condition lol)

1)we know for certain a domain is stolen because we know a name.
2)none here are at a potential to loose money because, again the name is known.
3)nothing is being hidden
4)he has been forthcoming with all relevant information.

to me, this thread is no different (if youll forgive this) than me making a thread saying:

"-RJ- stole something from me. I wont say what it is, but he took it."

this does nothing but harm your name (without basis) and in no way aids in the return of the property. It would seem..as in the true case, that the objective of the post is to do nothing but harm you, your name and reputation.. not to 'get back" what was alledgedly taken.

In other words... right now, it is no more than slander against GoDaddy. I mean, no one here can even say something has been stolen whatsoever right?

 

[Badger]

Strong argument Lee......

I think JB's comments on Gdaddy (although clearly true and without question) bear no relation to the point Lee is making and in fact argues a different case..

To say "XYZ is a liar and a thief" [without evidence or foundation], has no bearing on someone saying "XYZ has already been proved a thief and i can prove it"... The events are not linked.

If you excuse my presumption Lee, what he is saying is, the thread starter has cast aspertions about Godaddy without any basis of fact and/or evidence. And that fact alone makes this thread pointless.

You might argue that the thread starter is simply seeking help. But the fact that he has thrown a good deal of allegations about Gdaddy (without foundation) is different to saying "I have a problem with Godaddy, can someone advise me as to where I might seek some help/recourse".

Im not saying the thread starter is a liar or that this thread stinks. But on the same token, I also dont think that Lee has his wires crossed or in fact is contradicting anything anyone else is saying...

jm $0.02 worth.....

 

[LeeRyder]

thank you Badger for making my thoughts more concise. Damn you and your command of the English Language :P

-RJ-, to address the second half of your previous question (sorry I neglected that).. I dont know if he is lying.. to me, it really doesnt matter at this point. I'm just trying to help him (believe it or not. I know it appears differently.. but im trying to get more information to go on. I feel like a dentist here.. not liked or respected, but still something needs to be done) get his domain returned, if it has been stolen.

but that is really hard to do when the only facts I have, that can be substantiated... are slander against a well respected business.

 

[RJ]

Even if the original post was writen as a work of fiction, doesn't the fact that another reputable party has confirmed that his has happened in real life warrant any thoughtful consideration? You're saying GDiddy could be here only to smear GoDaddy's reputation (possibility granted), but are not accusing JB of the same thing when he offers confirmation of a parallel situation.

I guess there are two issues at hand,

1. Who is GDiddy? Is he telling the truth?
or
2. Is this really happening at GoDaddy? Are my domains in danger?

What's more important to you?

This is turning into something of a regular event at Godaddy.

 

[Badger]

I guess there are two issues at hand,

1. Who is GDiddy? Is he telling the truth?
or
2. Is this really happening at GoDaddy? Are my domains in danger?

What's more important to you?

Clearly, from a purely selfish point of view, im sure all of us here are more concerned by JB's comments. But this is not the topic of this particular thread.....

Who is Gdiddy? dunno... Is he telling the truth? dunno... Im personally surprised a new member would come here and make this his first and i think (without checking) his only post... But thats just my opinion...

Is this really happening at Godaddy? I sincerely hope not. But if any further developments happen either here or elsewhere I will seriously have to consider my options...

But, again, this is off topic from the original thread.....

 

[LeeRyder]

not sure who he is, but seeing as he actually returned after his initial post and replied the next day does lend credibility to his claim.. I cant forego that fact, and is the main reason why I am trying to get more information as to what is going on... I think we owe him that much.

As per what is happening at GoDaddy.. the other case is more important because I feel GoDaddy has more information than we are being told. GoDaddy is certain to base a major focus of it's business on reputation. Online, it is all we have (credibility)... and im sure they must know this. Along with the fact that lawyers will obviously be involved if they make the wrong decision, Im positive they are checking and double checking with all parties involved to ensure they make the right move... hence the slowness in their response to the domain issues.

Is there something to fear about your domains? sure, but no more than with any other domain name registrar.

 

[Zeeble]

However Lee, you must admit, that there is probably no company out there, which is the same size as GD, AND has never had something like this happen.

Gdiddy has probably left the forum now as I would have done, had I posted here for advice and been told that I was a liar.

Gdiddy MAY have been trying to hurt GD's rep, but I doubt that.
The fact that this HAS happened before lends even more credibility to Gdiddy's story.

 

[LeeRyder]

Well if he left, which we don't know... but if he has left "us", then his loss. a better community he will not find.

As per that though, if asking questions and demanding clarification is calling hima liar, then I dont know what to say. I think it is only reasonable to find out whats going on before everyone jumps on a bandwagon simply becauseof someone claiming something with absolutely no evidence to prove his point (or at least not providing evidence).

If someone comes here asking for help, don't you find it reasonable that we actually KNOW what we're to help with? Let's change it.... to perhaps show why:

GDiddy joined yesterday and posted a thread saying that you, Zeeble stole something from him. Now, while you were offline this entire thread took place..so you had no ability to retort what so ever. Replace GoDaddy in this thread with Zeeble and tell me, how fair is he being vs. how fair we're being in questioning and wanting clarification?

I owe GoDaddy nothing, nor do they owe me. But, I do feel a certain obligation to truth and honor and in that... respect to both parties. And in-as-much as I would like to clear this up.. without knowing what the hell we're clearing up..isn't it a waste of time?

Tell me, what 3 things has this thread put into people minds?

One I can answer for you based solely on -RJ-'s post:

1) Should I fear for my domains at GoDaddy.
2) you add 2 and 3

That to me, speaks volumes as to what his goal was. If you can get RJ to be thinking stuff like that, what about the 12,000 other members here who don't have RJ's experience and take things at face value?

 

[RJ]

I didn't think that you would.
I don't believe your story GDitty.

I agree with dna..something doesnt smell right.

That sounds to me like he's being called a liar.

I guess I have a different perspective on this. If scammers can possibly gain free access to any accounts at a registrar I use, that's something I want to be aware of. John Berryhill's confirmation of this possibility should carry much more weight than whether or not GDiddy makes the names public.

I can't yet rule out the possibility that this original post is factual. Agree with them or not, there are reasons mentioned in this thread for not wanting to publicize the names in a situation like this. Yes, we could "keep a watch out for them", but so could GDiddy by monitoring this site and Sedo, Afternic, Google, DNF, DS, etc. Seems he was looking more for legal advice than assistance with detective work.

The real issue is whether this problem exists at GoDaddy or not. Considering the number of domains NP members have registered there, that's more important than if GDiddy's individual story is true or not. If enough people are aware of an issue, the company will be forced to at least take a look and it, see if there is a problem, and fix if needed. That's all I would want.

 

[LeeRyder]

the only time I recall of a serious domain issue (cant recall which registrar) was someone had a comprimised system, the pw's were logged and the thief logged into the registrar from the true owners now hacked pc and transfered the domains to another account.

it was VERY interesting, but even then..(i think it was)GoDaddy got the domains returned... beyond all hope. I think that would be a worst case scenario for proving theft.. so unless his situation is somehow worse, GoDaddy shouldnt have any issues returning these domains.

As per me calling him a liar.. something not being right or -smelling fishy- shouldnt be construed as being called a liar.. take it at face value... it just doesnt sound right from the first post to his last.

 

[Lyte]

Criminals hate having attention brought to them and their behavior.

It would make it very difficult for him/her to sell the domain(s) if the true owner kept posting that domains x, y and z are stolen property and that Billy Joe Jim Bob is a thief. Yes, he/she could use it for ppc but it might keep the domains in one place while you work to get them back.

 

[floatingworld]

Total Bullshit

What a laugh....first we are told in gushing mill and boones style that:
'... All the while, domain names were being stolen from my account, one at a time, as I watched the notification emails pouring in telling me how my domains were being unlocked and transferred....'
Then we are told that the grand total of 3 domains 'disappeared' into another acount in GD. Of course we cannot check the WHOIS for these phantom names because they are still a secret. The whole thing is a wind-up. :yell:

 

[jberryhill]

Something doesnt add up in that...

That's because I'm not posting a tutorial on "how to steal names at Godaddy".

I have dealt with several account-based hi-jackings at Godaddy. They happen. They generally follow a particular sequence of steps, for reasons peculiar to the way Godaddy works.

As far as "slander" goes... it is not slander to say "Joe stole something from me" and to refrain from identifying what Joe stole if, in fact, Joe did steal something from you. A defamatory statement is one that is untrue, among other things. Whether or not the statement is true has nothing to do with whether or not one desires to state all of the supporting facts.

What seems odd to me is that this person has not stated to me or anyone else whether he utilized the contact information I provided, and has given zero indication of whether the situation is under control or being resolved. While Godaddy, like any other registrar, has its problems, they are generally pretty good at locking things down when you get the attention of an appropriate individual in their organization. It did strike me that the post came immediately after I had dealt with a strikingly similar situation at Godaddy.

But, as long as we're on the subject of hi-jackings, some things have added up recently on another note, which had not been clear to me until now. Do you know those "I'd like to buy your domain" spams that have been going around? Some of them are appraisal scams, but some of them are something else entirely. Again, without giving a tutorial in dirty deeds, consider the following rule you should follow, because of security flaws in certain email systems:

IF you use a web-based email system (e.g. Yahoo, Gmail) as the administrative contact email address for your domains,

THEN do NOT use that email account for general correspondence, and certainly NOT for conducting discussions about selling the names to people you do not know.

The "short" reason why you should not do that, is because there are techniques by which someone corresponding with you may be able to clone your session-id by a coincidence of good timing and interestingly-coded email. Then, they can control the admin contact long enough to retrireve password information and/or approve transfers.

Perhaps GDiddy's domains were stolen by the Googlee Bear. Darn that nefarious bear.

 

[Badger]

And there was me with the sensible face digesting each and every word you wrote John....

And then you mentioned the bear. You had to bring up the bear.... Jeeez...

:lol:

 

[She Unlimited]

What would be the harm if he reveals one domain name? I am not taking sides here on either but....he has not re-posted?

Members are here to help.

 

[Badger]

IF you use a web-based email system (e.g. Yahoo, Gmail) as the administrative contact email address for your domains,

THEN do NOT use that email account for general correspondence, and certainly NOT for conducting discussions about selling the names to people you do not know.

Just read your post again JB and without sounding like the school swot, I have to say that this is GOLD.. Thank you very much.... Personal amendments pending.....

Can we post this somewhere more in the public gaze Ron....???

 

[redhippo]

the whole impression that i get out of this thread is

"WARNING LIGHTS"

stay clear of godaddy...........your domains are not safe with them

they may be hijacked any time and the staff will not help you

reg at your own risk

 

[jberryhill]

stay clear of godaddy...........your domains are not safe with them

Godaddy is no more or less safe than most any other registrar. I've seen domains hi-jacked from Enom, NSI, Dotster, Tucows, etc. Gdiddy is curiously silent on whatever progress or lack thereof he has made in having his situation resolved, which I agree does seem odd for someone who came here wanting "help".

A lot of domain hi-jackings are indistinguishable from other types of identity theft crimes. I once had my Visa number compromised and posted to the internet. I doubt it matters whether my bank was Wachovia, Citibank, Bank of America, or any other card issuer.

If your admin contact email can be compromised, then your domains can be hi-jacked, regardless of who the registrar might be.

 

[Parma]

http://www.webhostingtalk.com/showthread.php?threadid=396620&perpage=15&pagenumber=3

Well, well, aint it interesting when you have both sides of the story. After sending a message to Bob Parson's web blog - he was nice enough to respond to me directly via e-mail. Seems that Gdiddy left out a few eencie weencie details. Like the fact the Gdiddy used someone else's credit card - and then that person (who Gdiddy likely knew) is the person who moved his domains.

Directly from Bob Parsons:

quote: First, a big thank you for bringing the claims on Hosting Talk to our attention. We've looked into the matter, and as you suspected there were extenuating circumstances.

Here's the reply I received from Ben who did the investigation for
us....

==============================================

Here is what basically happened on this.

The customer "gdiddy" had registered severtal domains under his
customer account, using the credit card of another person "X". X was also listed as the original registrant of the domains.

As per the usual change process we have in place, X called in to
Customer Service and verified the credit card information. She then changed the customer account password and moved her domains out of Gdiddy's account and into one of her own. She had the help of our employees to do this because it is by the book, and according to our policies.

Gdiddy saw the alert notifications that the accounts were being
transferred, and called Customer service to complain that domains were being hijacked. Again, according to existing policies, we assisted him in changing the password and customer email address back, but he apparently could not verify the CC info since it was not his card in the first place. He set up a PIN on the account for extra security, and proceeded to de-activate all remaining CC's in his account. Apparently, he was trying to be a reseller without having a reseller account. He had lots of domains in his account that had been registered using several credit cards, and with different people listed as the registrant.

Gdiddy seems to have gone silent in the newsgroups himself around the same time our customer notes indicate that the details of the situation were explained to him by supervisors here.

We are presently working on crafting a response we can post in the newsgroups/forums that tell the whole story, and how this guy is complaining about ownership of domains that were never actually his to begin with.

====================================================

Thanks again for bringing this to our attention. As a very
small Thank You, I will be sending you a Radio GoDaddy tshirt. Please email me back with your size and an address you would like it sent to.

Bob

 

[Dave_Z]

Guys, I hate to say this, but I think some recent posts of the same thread in
another forum leads me to think LeeRyder was right on this one.

RJ, is it okay to post the links? I don't know if it's okay to post a copy of the
post from that forum.

But what makes it interesting is that Nick Fuller from Go Daddy replied to that
same post. Anyone interested, you can PM or email me thru here for the links
until RJ or any of the mods verify it's okay to do so.

I'll say this much: there's more to what GDiddy has initially posted. And it
appears to be a case of...hmmm...I think "misunderstanding" is the best word
to describe what happened.

=========================================================

Edit: whoops, someone else just posted the thread I was referring to.

 

[PolurNET]

Just finished reading the thread here and at WHT. Although I don't agree with GoDaddy's policies that "GoDaddyGuy" listed on WHT, I think more research needs to be done to determine the "real" owner of the names. It should not be based on just the CC holder's info, IMO

 

[floatingworld]

:bah: ...very interesting reading the last few messages, particulalrly the info re the original poster using someone else's cc, screwing up, and then blaming GD for his troubles. I said in an earlier post that the original story was bullshit, and now we can see that it was this and more: a dishonest posting to cover up a situation of his own making. My case rests m'lud.

 

[LeeRyder]

Aghh!! I want a GoDaddy TeeShirt!

right on man, never thought of Bob's Blog..seemed like an unlikely source for info on this.. stupid thinking by me and very nice job by you getting us answers there (though I am surprised he himself would have firsthand knowledge of this event).

 

[jberryhill]

It should not be based on just the CC holder's info, IMO

I am absolutely shocked that Godaddy has such a wrong policy.

As an attorney with an IP firm, I register quite a few domain names for our trademark clients, with our clients' authorization and in their name, and I pay for them with the firm's Amex Card issued in my name.

Godaddy should NOT transfer those names to me simply because I am the credit card holder. That is just wrong.

Guess what folks, there are some substantial corporations who have domain names registered "using someone else's credit card", because a LOT of companies have their outside lawyers take care of policing and registering domain names.

What a great way for a disgruntled employee to really cause havoc. IT manager pays for domain name using company card issued in his name. Subsequently IT manager has falling out with management and leaves company. IT manager decides to get revenge.

I guess the model works well if your primary market is couch potatoes who watch bouncing mammary gland commercials.