My domain 6462.com has been stolen

[DnEbook]

Not going to get into a long conversation about this other than to say the domain name 6462.com has been stolen and is now at ename.com .......merry F****KING XMAS TO ME

 

[JudgeMind]

Can someone explain how these domains are being stolen...I am certain many here would like to know if theres something we all need to be looking out for.

 

[DnEbook]

Well Godaddy have been in contact via a few email from a few people i have reached out to, however this reply worries me because i am sure there was no technical reasons for this to happen, which means they now have to work with ename who do not have a good rep when it comes to this stuff, Godaddy seem well aware they can be seen to be working for their customer in this instance, so we have to have wait and see, below is the main reply. Work something out with the registrant ??? Don't they mean the thief ?????
~

Thanks for getting us the information we need. I promise we’ll do everything we can to get your domain back, but keep in mind that there are no guarantees in cases like these.
Just so you know how the process works, our first step was to contact ENAME TECHNOLOGY CO., LTD. and request a Form of Authorization (FOA) for the transfer. This will show us if there were any technical issues that caused the transfer. It’s pretty rare that there’s a technical issue with a transfer, but if that’s the case, we can ask them to return the name to us.
If the FOA doesn’t show any technical errors, we’ll work with ENAME TECHNOLOGY CO., LTD. to see if they’re willing to transfer the domain back. If they choose to keep the domain – and understand, they are not required to return it -- you will need to contact them (or the current registrant) yourself to see if you can work something out.
,

We requested the FOA on 12/24/2014 and, from that date, ENAME TECHNOLOGY CO., LTD. has up to five days to respond. We’ll let you know as soon as we hear anything.

 

[NameOmnia]

My understanding is that they can steal your username & password ONLY if you actually type them somewhere in the page ( fake ) you are redirected to.
Real GD emails NEVER ask you to log in but they just redirect you to an automated verification.

 

[baseballworld]

This crap is out of control. How the heck does godaddy let so many domains get stolen and not do anything about it. Someone has to be responsible for this crap. If something is stolen from a store they investigate it why not this. I mean there is a digital trail just like a fingerprint or footprint if you will.

 

[laladomains]

If you check or view the "Extended Header Information" for that specific email, you will most likely be surprised to discover that the email was NOT sent from the address shown above. The true address has been masked. Any email with an embedded link(s) should be treated as suspect.

Very important thing to know!
i didn't know that email address can be masked and i'm sure i'm not the only one.

Well Godaddy have been in contact via a few email from a few people i have reached out to, however this reply worries me because i am sure there was no technical reasons for this to happen, which means they now have to work with ename who do not have a good rep when it comes to this stuff, Godaddy seem well aware they can be seen to be working for their customer in this instance, so we have to have wait and see, below is the main reply. Work something out with the registrant ??? Don't they mean the thief ?????

I hope you get it back soon as possible!

 

[discobull]

Someone else asked this but I didn't see a response. Is it possible your email account was hacked? That would explain how your domain could be transferred out without you receiving any notification. I have read that hackers will gain access to an email account and then add filters that will automatically redirect transfer-related emails to the hacker's email address. That way you continue to receive all your emails except the ones relating to the domain transfer. Since GoDaddy's system automatically generates transfer confirmation emails, it seems a bit too coincidental to believe that their system would have failed at the exact time your domain was stolen.

 

[tultseo]

This is one of the reasons why people are getting scammed:

"
Alright, just simply avoid downloading stuff from the internet. There is a lot of keyloggers and rats that can bypass your antivirus with a hacker program where you can crypt a file and the virus will be undectable to any anti-virus. This happens a lot on top major shared forums where people share stuff and some of them are really " reputable " members and they giveaway something in exchange for you to be injected by a Rat or Keylogger ( mustly are paid products) that people are looking for.

I recommend anyone to use malwarebytes, ccleaner and advanced systemcare and avoid downloading stuff from torrents, forums and sites.

Also always make sure the emails are from the godaddy official website, I received a few fake emails. Do not click on any links sent from godaddy emails, just make sure it is from godaddy. You can always contact godaddy from their official website or number if there is any issue about your account just don´t click the #links#"

Check out this video

 

[Dave_Z]

Someone else asked this but I didn't see a response. Is it possible your email account was hacked?

That's also what I thought after reading the entire thread.

Depending on the type of service of your email address on file, evirtual1, are you able to see what IP address logged in on what date? Something like that?

 

[DnEbook]

I have stated a number of times that i have not clicked on anything sent to me, i have asked godaddy on a few occasions why i did not receive a transfer email? Now if they say one was actually sent out then the possibility of my email account being hacked would be considered, perhaps i could get the details that Dave_Z has suggested, i am not sure if i can or not? I need to find out what godaddy says first, at this point there has been no clear response to that question? I do recall seeing on a domaingang post that one person did get their domain back, perhaps i will try and contact them and ask if they found out how come they they did not receive a transfer email either. I have always gone direct to godaddy and checked for any notifications when a email has come my way asking for me for do an action, Currently 5.30 am on Boxing Day so back to sleep for me, thanks all thus far

 

[Sheogorath]

This is an unfortunate turn of events and I have decided to enable the two factor authentication on name.com lately because of domain/s thefts.
Today even an extremely complicated password can be discovered by the above/other reasons.
If you are using google as your email address you can monitor the ip/s of login/s in the bottom right side of the screen, it is simple.
"Last activity"-"Details".
Godaddy is going to lose many customers to other registrars due to their non email policy, lack of security and inability to act when time is of the essence(for example: technical).
Quote from their chat button which is currently not working:
"We are currently experiencing high chat volumes, all of our agents are busy assisting other customers, please call (480) 505-8877 for immediate help".
I don't use them as main registrar anymore and transferred all of my domains from them except for one.
I personally believe the cheap price of one year registration is not worth using them.
I wish you good luck with getting your domain back.

 

[Acroplex]

Ename is a laggard, abusive Chinese domain registrar assisting domain thieves, and ICANN should pull the plug on their accreditation indefinitely.

 

[discobull]

Ename is a laggard, abusive Chinese domain registrar assisting domain thieves, and ICANN should pull the plug on their accreditation indefinitely.

Dp you know anything about TDRP's and whether one can be filed in this case?

 

[Acroplex]

Ename requires all reports e.g. police reports to be filed in Chinese. Then of course they do nothing, despite overwhelming evidence.

In October, a federal lawsuit was filed against thieves using Ename as a safe harbor of stolen domains.
http://domaingang.com/domain-news/acme-billing-company-files-federal-lawsuit-14-stolen-domains/

As Ename is also a marketplace to buy and sell domains, it's effectively assisting the thieves to dispose of stolen goods.

 

[italsat]

hello , 2 years ago in august 8 domains from godaddy was transfer with no my authorization , i have write godaddy and have explain that i not have authorized any transfer and godaddy have go back the domains in 2-4-6 months

 

[discobull]

I have stated a number of times that i have not clicked on anything sent to me, i have asked godaddy on a few occasions why i did not receive a transfer email? Now if they say one was actually sent out then the possibility of my email account being hacked would be considered, perhaps i could get the details that Dave_Z has suggested, i am not sure if i can or not? I need to find out what godaddy says first, at this point there has been no clear response to that question? I do recall seeing on a domaingang post that one person did get their domain back, perhaps i will try and contact them and ask if they found out how come they they did not receive a transfer email either. I have always gone direct to godaddy and checked for any notifications when a email has come my way asking for me for do an action, Currently 5.30 am on Boxing Day so back to sleep for me, thanks all thus far

If it was me, I'd be very concerned about my email account. You said that you first realized there was a problem with GoDaddy because you could no longer get into your account. That suggests that the hackers gained access to your GD account by issuing a password reset for it. In order to do that, they would have to have had access to your emails. Once they have access to your email account, they're free to intercept the emails of interest and proceed with the transfer without your knowledge. I'd ask GD to provide you with a list of IP addresses that accessed your account as well as a log of all activity for the period in question. I'd request the same of my email provider. I'd also change my email password for sure ( in case you haven't done so already). Anyhow, good luck to you and I hope that your holiday season ends off better than it started.

 

[NameOmnia]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.

Presumably GD sent out AUTOMATED email like they do EVERY TIME and the fact you didn't receive it can't be on GD but on the hackers that found a way to access your email address.
So statements like "Gd is not safe" " lack of security " etc are something very close to empty.

If you use gmail I am surprised you didn't receive an email from them stating someone was accessing your account from an unusual location. You can also set up a phone verification with them too; which is probably the moste effective way to prevent email account hacking

I would suggest GD, though, to put into place a system that warns people if someone is trying to access their account from an unusual location as well. But maybe those emails would be filtered too.

 

[Key]

I read topic title wrong and thought 6462 domains (a huge portfolio) has been stolen.

Hope you will get your domain back.

 

[discobull]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.

Presumably GD sent out AUTOMATED email like they do EVERY TIME and the fact you didn't receive it can't be on GD but on the hackers that found a way to access your email address.
So statements like "Gd is not safe" " lack of security " etc are something very close to empty.

If you use gmail I am surprised you didn't receive an email from them stating someone was accessing your account from an unusual location. You can also set up a phone verification with them too; which is probably the moste effective way to prevent email account hacking

I would suggest GD, though, to put into place a system that warns people if someone is trying to access their account from an unusual location as well. But maybe those emails would be filtered too.

As far as I know, it's not even possible to transfer out a domain from GD without receiving an email because GD issues all their transfer authorization codes via email ( if someone knows of an alternative method to get the codes, please correct me ).

With respect to accessing accounts from unusual locations, it's pretty trivial to spoof a location using either proxy servers or browser plugins designed to do exactly that. That part of it is probably taught on day one of hacking101.

 

[DnEbook]

The point is that, even though the above is a horrible circumstance, we have to see things for what they are.
IF the email has been hacked ( and that might have happened everywhere on the internet ) THEN we can't blame GoDaddy for it.
.

Godaddy were warned two weeks before the theft, why didn't they offer me a two step verification?? Yes i do blame godaddy to a degree, they were well aware of the thefts of numeric domains from their registrar and they were informed about attempts on this particular domains account
~
So it's ok to charge me the same amount to register a name but not to offer the same level of security ??
especially when trouble was brewing? There many questions to answered at some stage, one of them is why did they offer the same level of security as other customers? Then consider that i have been with them for over five years and they did not even get a reply to email requesting the hacking/phishing attempt emails to be put on record

 

[DnEbook]

If it was me, I'd be very concerned about my email account. You said that you first realized there was a problem with GoDaddy because you could no longer get into your account. That suggests that the hackers gained access to your GD account by issuing a password reset for it. In order to do that, they would have to have had access to your emails. Once they have access to your email account, they're free to intercept the emails of interest and proceed with the transfer without your knowledge. I'd ask GD to provide you with a list of IP addresses that accessed your account as well as a log of all activity for the period in question. I'd request the same of my email provider. I'd also change my email password for sure ( in case you haven't done so already). Anyhow, good luck to you and I hope that your holiday season ends off better than it started.

Thanks for the input, yes this will be one of the questions that will be asked, password was changed on the day of becoming aware of the theft, important names were transferred out, although many remain.