Hijacking Alert: Industry Pioneer Has Muliple Domains Stolen From His Enom Account

[Ron Jackson]

Warren Weitzman's worst nightmare has just come true. He has been in the domain game since 1994 but Weitzman has never seen anything like this. Somehow over a dozen domains have been stolen from his Enom account and he thinks the break-in may have occurred as high as the registry level. Even worse, the thefts may not have stopped yet:
Major Domain Hijacking Alert: Industry Pioneer Warren Weitzman Has Over a Dozen Domains Stolen From his Enom Account

 

[Ramblr]

This is really scary news.

 

[-REECE-]

I know another domainer who had domains mysteriously vanish from his eNom account last year - seemingly without reason. Scary news indeed.

 

[mis_chiff]

Isin't there a way to find out the info of the scammer
through Fastpark.net?
You'd think they'd bend over backwards to help.

 

[Ms Domainer]

*

Enom has a lot of explaining to do.

They either have a thief on their staff, or security gaps as wide as North America and a whole lot of incompetence.

In any case, it's getting scary out there.

*

 

[bmugford]

I never felt comfortable with domains at Enom myself, security being one of many reasons. I want to hear Enom explain exactly how this happened.

Brad

 

[trendicator]

i think warren may have some key-logging virus on his computer...

 

[matt_bodis]

NameDrive could probably help him out since it is parked with them.

I'd be interested in knowing the ip addresses of the perpetrator(s).

 

[gemstar]

This could only be done from the top level.Inside job.
Best thing to do is ask for records of confirmed transfer by owner.If there is none then the registrar should be at blame

 

[snoop]

You can just about bet that his email account has been hacked vis soical engineering/keylogging etc (I've never really heard of names being stolen in any other way than due to a compromised email account), and the names gradually stolen. I don't see any reason why it would involve Verisign. Enom generally has only average security. He probably needs to be with Moniker or Fabulous.

The reason is still shows in his enom account is likely because it is recently transferred out. I would suggest he look very carefully at what sort of security his email provider has, somebody has probably added a redirect or something like that. He probably needs to hire an expert ASAP if name are stil being stolen, it will potentially be costing him more and more every day as some of those names are probably being bought by 3rd parties. Richard Lau would be my suggestion.

 

[SpareDomains]

There is a register sync issue which I have experienced at enom and moniker over the years where I transfer a name out to a new register and it still shows at the old register as well for a few weeks before it disappears, in a case like this if using enom or moniker your domain could be stolen for weeks before noticing the theft as it appears in both accounts, I currently have 1 domain I transfered from moniker to godaddy 1 week ago and it still shows in my moniker account as well, I wish enom & moniker if possible would fix that sync issue as I don't experience this at godaddy or fabulous and if a name is gone it should disappear in real time as it would tip someone off sooner to a possible theft as seeing a domain disappear from your account weeks after the fact is a lot of time for a thief to bounce it through a few registrars.

 

[Auraka]

No this is an Enom issue....not a Verisign issue until proven otherwise....I hate speculation and the clear issue here is the domain owner and enom

---------- Post added at 12:19 AM ---------- Previous post was at 12:02 AM ----------

There is a register sync issue which I have experienced at enom and moniker over the years where I transfer a name out to a new register and it still shows at the old register as well for a few weeks before it disappears, in a case like this if using enom or moniker your domain could be stolen for weeks before noticing the theft as it appears in both accounts, I currently have 1 domain I transfered from moniker to godaddy 1 week ago and it still shows in my moniker account as well, I wish enom & moniker if possible would fix that sync issue as I don't experience this at godaddy or fabulous and if a name is gone it should disappear in real time as it would tip someone off sooner to a possible theft as seeing a domain disappear from your account weeks after the fact is a lot of time for a thief to bounce it through a few registrars.

This is an issue with many registrars showing domains in your account that may have been transferred out, however this doesn't show how the "hack" happened as your issue is a known issue. There are a few registrars that are very good at identifying domains that are no longer are in your account; godadaddy, dynadot, etc.

 

[Vrytek]

i think warren may have some key-logging virus on his computer...

I'll second that.

Interesting read below
Is Your PC Part of a Botnet?

 

[networkmsia]

or maybe if he was using a Wi-Fi, his neighbor could be sniffing the packets, and thus easily steal the passwords.

 

[snoop]

I should have received an email about the password change, but somehow that did not arrive. I just don't understand how I did not get the email that my password was changed......unless he is selectively intercepting emails in my account and my ISP mislead me as to if they gave him access or not.

Yes, he probably deleted or redirected the email.

---------- Post added at 04:23 AM ---------- Previous post was at 04:23 AM ----------

or maybe if he was using a Wi-Fi, his neighbor could be sniffing the packets, and thus easily steal the passwords.

Very unlikely.

 

[FX]

I never felt comfortable with domains at Enom myself, security being one of many reasons.
Brad

Same here Brad

All my most valued domain's are at Moniker and Fabulous.

I will be moving every domain I own to Fabulous within these next few weeks you can't beat there security and service.

 

[labrocca]

Can I please give some advice to domainers?

Use an email forward for your registration email. This protects you in two ways.

One...the hacker doesn't know your actual email address.
Two...you can't hack into a forward because it's not a pop box.
Three...use for the forward email address a domain you own.

An example setup.

1. I own example.com.
2. All my domains are registered at [email protected]
3. I redirect all [email protected] emails to [email protected]

This offers stronger protection because the hacker can't actually break into [email protected] no matter how hard he tries. At best he can get into the hosting account but since you still have registrar access you can just change DNS to a new email provider and the old host is useless and so is his access. This will give you time to fend off a thief.

You can also use Moniker or Fabulous as suggested. I prefer Moniker. It's moments like this that express very well the real dangers of stolen domains. I could care less about how great GD support is if they can't help you get a stolen domain back. I know this is Enom but their security is obviously just as flawed. Warren is going to now waste many hours and some money fighting this. I am sure some anxiety will also ensue.

This is a very real shame.

 

[networkmsia]

Can I please give some advice to domainers?

Use an email forward for your registration email. This protects you in two ways.

One...the hacker doesn't know your actual email address.
Two...you can't hack into a forward because it's not a pop box.
Three...use for the forward email address a domain you own.

An example setup.

1. I own example.com.
2. All my domains are registered at [email protected]
3. I redirect all [email protected] emails to [email protected]

Good tips.
Rep added

 

[snoop]

At best he can get into the hosting account but since you still have registrar access you can just change DNS to a new email provider and the old host is useless and so is his access. This will give you time to fend off a thief.

If they can get into the secondary email account then getting into the registrar account is probably only a short matter of time. The above solution does sounds better than something isp hosted directly on the whois record though.

 

[vacumer]

years ago i lost a domain in enom,and they restored it to me in 3-4 days
while they can , why NOT?
i guess enom have a thief in staff that they didnt care about these domains.