strategy Unlock valuable social media accounts

[redemo]

Ever researched a domain name and found the Facebook, Instagram, TikTok, Twitter or YouTube account already claimed but not updated for 10 years? Well I recently bought a domain name and tested something. After purchase I created a catch-all e-mail account then sent a password reset request to Facebook, Instagram, TikTok, Twitter or YouTube. Four of them failed but one succeeded and I was able to claim a valuable social media account. Valuable because it has over 5000 followers and is a very popular hash-tag. It's hit and miss but you might want to try it and see if you get lucky. Cheers.

 

[DigiNames]

This is literally unethical account theft, not some great domaining strategy.

 

[bmugford]

Ever researched a domain name and found the Facebook, Instagram, TikTok, Twitter or YouTube account already claimed but not updated for 10 years? Well I recently bought a domain name and tested something. After purchase I created a catch-all e-mail account then sent a password reset request to Facebook, Instagram, TikTok, Twitter or YouTube. Four of them failed but one succeeded and I was able to claim a valuable social media account. Valuable because it has over 5000 followers and is a very popular hash-tag. It's hit and miss but you might want to try it and see if you get lucky. Cheers.

That sounds like theft actually. Even if an account is inactive, it is not your account to take.
The fact you took an account that had 5000 followers via password reset makes it even worse.

Brad

 

[CraigD]

Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!

 

[HotKey]

Sheesh Redemo. Clever, but just because you can, doesn't mean you should. I think something like this will come back to bite you in the end. Revealing post on one's integrity, imo. This really sets a bad example of a professional domainer.

 

[johnn]

Translation:
I was following a rich man and wait to see if he drops the wallet or the house key so I can see what he has in the wallet and the house.
Finally he dropped the key. Am I lucky?

Actually it's Identity theft as you pretend to be somebody else.

 

[the_poet]

Ever researched a domain name and found the Facebook, Instagram, TikTok, Twitter or YouTube account already claimed but not updated for 10 years? Well I recently bought a domain name and tested something. After purchase I created a catch-all e-mail account then sent a password reset request to Facebook, Instagram, TikTok, Twitter or YouTube. Four of them failed but one succeeded and I was able to claim a valuable social media account. Valuable because it has over 5000 followers and is a very popular hash-tag. It's hit and miss but you might want to try it and see if you get lucky. Cheers.

Absolutely unethical. The fact that you found a key doesn't entitle you to the house and making it yours, even if it's abandoned.

 

[bmugford]

Unethical? Maybe. But if a social media account is using an email address with a domain that was left to expire and hasn’t been updated in ages, then it’s the original owners responsibility to update said social media account. Otherwise, if you control the domain under which the account is registered, there’s nothing stopping you from gaining control of said account.

That's a bunch of BS. You could say the same about other accounts all over the place.

Hey, it was using the email of a domain that expired...therefore I am entitled to it.

Where is the line? Can I steal someone's YouTube account because their domain expired?

Not only is this unethical, it is quite possibly illegal. It is not your property to transfer.

Brad

 

[lock]

It is the property of the social media site not even the user. The user cannot sell their account either read the terms.

 

[MasterOfMyDomains]

Sick. I scored a name. Someone here owned it, they have vanished. From Australia, their names are scattered now.
It was a brilliant idea they had, many would remember this 5+ years ago. Their page well set up
Their fb page has 3500 likes, i see email they use in about us is domain based. Easy to snag, but i would never consider it. If its not yours, dont touch it
Applies in real world and digital world

 

[dncafe]

After purchase I created a catch-all e-mail account then sent a password reset request...

Sounds like me renewing a bunch of old domains trying to recover bitcoin from around 2010

 

[mr-x]

Some perspective.

Social media accounts are not the same as domains. You don't pay for them, they can be taken from you for a wide variety of reasons at the discretion of the SM company.

This isn't identity theft or anything near to it.

It's not comparable to using an email address to steal domains or commit identity fraud. In the USA, there is legal precedent for claiming real property that has been abandoned

There is an easy process for the account owner to get the account back, if they want it.

I agree it's not ethical but it is not a crime and I as well as others here have done worse. We make mistakes, we grow.

@redemo, Many years ago, I picked up a dropped name with good back-links. I was in a hurry and used content from archive.org ( lots of how to articles ) and placed adsense ads.

In the process, I learned the previous owner had passed away, then people managed to purchase products the previous owner had hand made, using links to third party eCommerce service.

Imagine my problem explaining to people why I could neither deliver the product or issue a refund.

Sometimes we create more problems for ourselves when we take shortcuts.

 

[mr-x]

I've had social media accounts stolen. There is a process you can use to regain control of the account so the original owner may take it back.

Google stores information on your hd to identify which computer you are using to login with so this would not work for G accounts.

 

[frostify]

Morally it's in the grey area, legally it's just straight up illegal. I understand the 'abandonware' sort of argument but in the eyes of the actual law this is 100% illegal, even if the account uses an email that ends in your newly registered domain. Recovery theft.

 

[Clover]

Absolutely unethical. The fact that you found a key doesn't entitle you to the house and making it yours, even if it's abandoned.

Actually, if a home is abandoned for a long period of time, someone can move in and legally claim it if they know how to work the law...

 

[forge]

Next up, how to steal a domain by registering an expired domain and takeover the owner email address....

Huh? Is that sarcasm, or what?

But, what are the ethics of profiting hugely off expired names by their registrars, or primarily one single dominant registrar? Millions upon millions of dollars -- continuous guaranteed windfall!

 

[forge]

I have to agree, this is a pretty sleazy thing to do. At best you could be on the hook (read: sued) for hijacking a social media account. I wouldn't be shocked either if "one" would be banned from such a site for violating TOS, or worse.

 

[PurpleMan]

Just out of interest what planet are you from? Here on Planet Earth you can enter the username and an e-mail is sent to the e-mail address, which is caught by the catch-all e-mail address and sent to the e-mail address which is linked to the catch-all e-mail address. Also I drink many tins of Stella Artois. Anno 1366. Belgium.

What a polite way to pass your opinion across. Since you clearly didn't understand what I said, I will explain it again.

For you to reset your password on Facebook, Twitter, and Tiktok, you need to provide the email address that is registered with the account. If for example, the email linked to a Twitter account is [email protected], you won't be able to reset the password if you can't remember and provide the email address exactly as [email protected]. It doesn't matter if you own the domain 'namepros.com' and created a catch-all email for it.

My regards to people on planet earth.

 

[LoveCatchyDomains]

Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!

So this was a well-known loophole for over a decade? Oh, my! Still not fixed by the social media accounts? Shame on them!

 

[mr-x]

Translation:
I was following a rich man and wait to see if he drops the wallet or the house key so I can see what he has in the wallet and the house.
Finally he dropped the key. Am I lucky?

Actually it's Identity theft as you pretend to be somebody else.

Probably not a legal identity and it's easy enough to change the contact information associated with the account.

The original owner can always file a complaint, show proof of what happened and you will get the account back. I've had an account on twitter and two accounts on fb stolen, a single email was all it took to get them back.

 

[redemo]

I have to agree, this is a pretty sleazy thing to do. At best you could be on the hook (read: sued) for hijacking a social media account. I wouldn't be shocked either if "one" would be banned from such a site for violating TOS, or worse.

First of all the account I unlocked was registed over ten years ago and had my newly registered exact-match domain name in its bio. Second it was registered to the domain name. Third all links in posts on the account were to the domain name. I'm not saying it's ok to do this. I am not saying anyone should do it. I'm saying there's a loophole and I have managed to take advantage of it. In my case I don't see the ethical issue. In fact I don't even see a legal or T.O.S. issue but like always I might be wrong. If you are REALLY concerned and not just being offended for the sake of drama then contact the social media platforms and get the security systems changed.

 

[forge]

Sounds like me renewing a bunch of old domains trying to recover bitcoin from around 2010

v clever mate

I'd post an emoji if I could figure out how. Thank you forum update!

(I got lucky.)

 

[redemo]

This can only work on Instagram because they don't ask for email address when you're trying to reset your password. They just send the request to the associated email address. But then, the person must be using an email address that ends with your domain before you can receive the mail.

The other social media won't work as you need to provide the email address linked to the account whose password you're trying to restore.

Which is exactly why it works if the e-mail account is using the domain name.

 

[Clover]

Stella Artois.

My maaaan!

Can never run out of reasons to like redemo haha

 

[Croc]

This can only work on Instagram because they don't ask for email address when you're trying to reset your password. They just send the request to the associated email address. But then, the person must be using an email address that ends with your domain before you can receive the mail.

The other social media won't work as you need to provide the email address linked to the account whose password you're trying to restore.

This isn't true. I've gained access to multiple Twitter accounts tied to custom expired domains by doing a little cross-referencing on Google to make an educated guess of the email address, which 9 times out of 10 is correct.

 

[mr-x]

I honestly doubt it would be hard to figure out what the email might be.

@redemo a real one for this

FB, Twitter, etc., send updates and notices by email. It's not rocket science.