strategy Unlock valuable social media accounts

redemo

Ever researched a domain name and found the Facebook, Instagram, TikTok, Twitter or YouTube account already claimed but not updated for 10 years? Well I recently bought a domain name and tested something. After purchase I created a catch-all e-mail account then sent a password reset request to Facebook, Instagram, TikTok, Twitter or YouTube. Four of them failed but one succeeded and I was able to claim a valuable social media account. Valuable because it has over 5000 followers and is a very popular hash-tag. It's hit and miss but you might want to try it and see if you get lucky. Cheers.
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Huh? Is that sarcasm, or what?

But, what are the ethics of profiting hugely off expired names by their registrars, or primarily one single dominant registrar? Millions upon millions of dollars -- continuous guaranteed windfall!

Yes and... Yes, there are issues with registrars auctioning domains that technically are not theirs to sell (yet). Gray area... Covered by TOS and an ICANN loophole if you'd ask me.

It does however provide a relatively accessible expiration pool. If no registrar did it, there would only be drops and we know who dominates those. Best of two evils?

I'll save the rest for a more appropriate thread :)
 
0
•••
Sick. I scored a name. Someone here owned it, they have vanished. From Australia, their names are scattered now.
It was a brilliant idea they had, many would remember this 5+ years ago. Their page was well set up.
Their FB page has 3500 likes, I see the email they use in about us is domain based. Easy to snag, but I would never consider it. If it's not yours, don't touch it.
Applies in real world and digital world.
 
8
•••
Some perspective.

Social media accounts are not the same as domains. You don't pay for them, they can be taken from you for a wide variety of reasons at the discretion of the SM company.

This isn't identity theft or anything near to it.

It's not comparable to using an email address to steal domains or commit identity fraud. In the USA, there is legal precedent for claiming real property that has been abandoned.

There is an easy process for the account owner to get the account back, if they want it.

I agree it's not ethical but it is not a crime and I as well as others here have done worse. We make mistakes, we grow.

@redemo, Many years ago, I picked up a dropped name with good back-links. I was in a hurry and used content from archive.org (lots of how-to articles) and placed AdSense ads.

In the process, I learned the previous owner had passed away, then people managed to purchase products the previous owner had handmade, using links to a third-party eCommerce service.

Imagine my problem explaining to people why I could neither deliver the product nor issue a refund.

Sometimes we create more problems for ourselves when we take shortcuts.
 
7
•••
I have to agree, this is a pretty sleazy thing to do. At best you could be on the hook (read: sued) for hijacking a social media account. I wouldn't be shocked either if "one" would be banned from such a site for violating TOS, or worse.

First of all the account I unlocked was registered over ten years ago and had my newly registered exact-match domain name in its bio. Second it was registered to the domain name. Third all links in posts on the account were to the domain name. I'm not saying it's ok to do this. I am not saying anyone should do it. I'm saying there's a loophole and I have managed to take advantage of it. In my case I don't see the ethical issue. In fact I don't even see a legal or T.O.S. issue but like always I might be wrong. If you are REALLY concerned and not just being offended for the sake of drama then contact the social media platforms and get the security systems changed.
 
3
•••
This can only work on Instagram because they don't ask for email address when you're trying to reset your password. They just send the request to the associated email address. But then, the person must be using an email address that ends with your domain before you can receive the mail.

The other social media won't work as you need to provide the email address linked to the account whose password you're trying to restore.
Which is exactly why it works if the e-mail account is using the domain name.
 
2
•••
Redemo: Please, Please seriously consider removing yourself from those accounts. And let us know if you did. I know I will respect you tremendously for doing so. You clearly are brilliant, having the skills to gain access to these accounts. But your great wisdom may better be used elsewhere.
Appreciate sharing your opinions mate. I didn't think this would be such a controversial topic. In my case the social account is registered to my newly-acquired domain name and uses the domain name as the e-mail address too. The original owner did not provide a phone number. Their only link to the account would be knowing the original password from over ten years ago, which is probably encrypted. Good luck with that.

Having said all of that if the original owner contacted me and provided cast iron proof it was their account and their hard work building a follower base I'd probably give it back.
 
0
•••
v clever mate

I'd post an emoji if I could figure out how. Thank you forum update!

😆 (I got lucky.)
Hey Forge! How many N.P. members would give back anonymous $10 million B.T.C. if they found password and I.D. in a reset e-mail from catch-all of a newly registered domain name. Everybody? Most people? No-one? Exactly. Double standards by everybody. Oh come on, so you would give back TEN MILLION DOLLARS ANONYMOUS BITCOIN? Would you bollocks! So how is a social account any different?
 
0
•••
Sheesh Redemo. Clever, but just because you can, doesn't mean you should. I think something like this will come back to bite you in the end. Revealing post on one's integrity, imo. This really sets a bad example of a professional domainer.
Ha. I'm not a professional domainer. Yet. In terms of integrity would you give back 10 MILLION DOLLARS from an anonymous B.T.C. account where you got the password from a catch-all e-mail address you set up on a newly-registered domain name? Even if you didn't know who the owner was? Only you can answer that question in such a situation. Integrity indeed. Also you might be right, and as always I might be wrong. Cheers.
 
0
•••
Actually, if a home is abandoned for a long period of time, someone can move in and legally claim it if they know how to work the law...

Thanks for sharing that video @Clover. Fair play to that man. He did his research, followed the law and got lucky. It's got diddly-squat to do with the neighbours if he's following the law. Law doesn't care about your feelings. Law doesn't care about your dietary preferences. Law is law. If you can find a loophole why not exploit it? Your ethics are only as good as your carbon footprint anyway.
 
0
•••
Creating a catch-all email is useless if you can't provide the exact email address that was used in the first place.
Just out of interest what planet are you from? Here on Planet Earth you can enter the username and an e-mail is sent to the e-mail address, which is caught by the catch-all e-mail address and sent to the e-mail address which is linked to the catch-all e-mail address. Also I drink many tins of Stella Artois. Anno 1366. Belgium.
 
0
•••
Just out of interest what planet are you from? Here on Planet Earth you can enter the username and an e-mail is sent to the e-mail address, which is caught by the catch-all e-mail address and sent to the e-mail address which is linked to the catch-all e-mail address. Also I drink many tins of Stella Artois. Anno 1366. Belgium.
What a polite way to pass your opinion across. Since you clearly didn't understand what I said, I will explain it again.

For you to reset your password on Facebook, Twitter, and Tiktok, you need to provide the email address that is registered with the account. If for example, the email linked to a Twitter account is [email protected], you won't be able to reset the password if you can't remember and provide the email address exactly as [email protected]. It doesn't matter if you own the domain 'namepros.com' and created a catch-all email for it.

My regards to people on planet earth.
 
4
•••
2
•••
Morally it's in the grey area, legally it's just straight up illegal. I understand the 'abandonware' sort of argument but in the eyes of the actual law this is 100% illegal, even if the account uses an email that ends in your newly registered domain. Recovery theft.
 
6
•••
Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!
 
17
•••
Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!
So this was a well-known loophole for over a decade? Oh, my! Still not fixed by the social media accounts? Shame on them!
 
4
•••
Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!
Some would say registering a social media account and not using it for ten years, but essentially squatting in it, is unethical. But I take your point.
 
0
•••
What a polite way to pass your opinion across. Since you clearly didn't understand what I said, I will explain it again.

For you to reset your password on Facebook, Twitter, and Tiktok, you need to provide the email address that is registered with the account. If for example, the email linked to a Twitter account is [email protected], you won't be able to reset the password if you can't remember and provide the email address exactly as [email protected]. It doesn't matter if you own the domain 'namepros.com' and created a catch-all email for it.

My regards to people on planet earth.
No dawg, you are still in orbit and have not landed on the green and blue planet yet. Here is the scenario. One you register a domain name. Two you create a catch-them-all email account. Three you find your exact-match social media accounts like twitter.com/domainname or facebook.com/domainname. Next you request a password reset to the USERNAME of the account. NOT the E-MAIL ADDRESS. Finally the password reset link is sent to the e-mail address of the domain name like [email protected]. When you receive the reset link the header will show you the e-mail address sent to. All you need to do is create this email address and re-request the reset link. You'll then be able to reset the password and gain access to the account IF it didn't have a phone number attached to the account upon registration. I'm not saying it's ethical or legal. I'm half-half on the ethical question especially after @CraigD's reply but I hate social media handle squatters. Also not a lawyer. Just sharing something I did. Again, anyone who is against this can report it to all the social media companies in order for them to change it. Doubt you will though. That's how we roll on planet Earth.
 
0
•••
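Added example, not part of any post in this thread and not any platform's actual code: a platform-side guard for the reset flow argued over above. It reads the domain's registration date from an RDAP response and refuses to mail a reset link when the domain was registered after the address was last verified; the account fields, function names and sample RDAP record are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone
from enum import Enum

class Decision(Enum):
    SEND_LINK = "mail the reset link"
    STEP_UP = "require a second proof of ownership first"
    MANUAL_RECOVERY = "do not mail; route to manual recovery"

def registration_date(rdap_json):
    """Current registration date of a domain, from RDAP 'events' (RFC 9083)."""
    for event in json.loads(rdap_json).get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def reset_decision(account, rdap_json, now, dormant_days=365):
    """Decide whether a reset link may go to the account's stored address.

    `account` is a hypothetical record: when the address was last verified and
    when the user last logged in (both timezone-aware datetimes).
    """
    registered = registration_date(rdap_json) if rdap_json else None
    # Domain was (re-)registered after the address was verified: whoever
    # receives mail there now is not provably the person who verified it.
    if registered is not None and registered > account["email_verified_at"]:
        return Decision.MANUAL_RECOVERY
    # A registration date does not change when a name is sold before it drops,
    # so long dormancy or a failed lookup still triggers step-up verification.
    dormant = (now - account["last_login"]).days > dormant_days
    if registered is None or dormant:
        return Decision.STEP_UP
    return Decision.SEND_LINK

# Constructed sample data (not taken from the thread).
UTC = timezone.utc
SAMPLE_RDAP = json.dumps({"objectClassName": "domain", "ldhName": "example.test", "events": [
    {"eventAction": "registration", "eventDate": "2023-03-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2026-03-01T00:00:00Z"}]})
NOW = datetime(2025, 6, 1, tzinfo=UTC)
STALE = {"email_verified_at": datetime(2012, 5, 1, tzinfo=UTC), "last_login": datetime(2013, 1, 1, tzinfo=UTC)}
ACTIVE = {"email_verified_at": datetime(2023, 4, 1, tzinfo=UTC), "last_login": datetime(2025, 5, 20, tzinfo=UTC)}
DORMANT = {"email_verified_at": datetime(2023, 4, 1, tzinfo=UTC), "last_login": datetime(2023, 4, 2, tzinfo=UTC)}

if __name__ == "__main__":
    for name, acct in (("stale", STALE), ("active", ACTIVE), ("dormant", DORMANT)):
        print(name, "->", reset_decision(acct, SAMPLE_RDAP, NOW).value)
```

Account owners get the same protection from their side by moving login and recovery addresses off any domain they plan to let lapse and by attaching a second factor.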
Morally it's in the grey area, legally it's just straight up illegal. I understand the 'abandonware' sort of argument but in the eyes of the actual law this is 100% illegal, even if the account uses an email that ends in your newly registered domain. Recovery theft.
Are you a lawyer? Please share a link to the law or don't make comments you can't back up with fact. Cheers.
 
1
•••
Essentially squatting lol
 
0
•••
This can only work on Instagram because they don't ask for email address when you're trying to reset your password. They just send the request to the associated email address. But then, the person must be using an email address that ends with your domain before you can receive the mail.

The other social media won't work as you need to provide the email address linked to the account whose password you're trying to restore.
This isn't true. I've gained access to multiple Twitter accounts tied to custom expired domains by doing a little cross-referencing on Google to make an educated guess of the email address, which 9 times out of 10 is correct.
 
2
•••
Creating a catch-all email is useless if you can't provide the exact email address that was used in the first place.
Then do your homework by stalking those social media accounts; sometimes they slipped and mentioned their own email address LOL. You really didn't know the method, right? By creating a catch-all email forwarder you could sit by waiting for any kind of email notification from the social media account and then BOOM, suddenly you know exactly the email address for resetting the password LOL
 
0
•••
This isn't true. I've gained access to multiple Twitter accounts tied to custom expired domains by doing a little cross-referencing on Google to make an educated guess of the email address, which 9 times out of 10 is correct.
Why should you be guessing? Just set the catch-all and then sit down and wait for Twitter to send an email notification.
 
0
•••
That's a bunch of BS. You could say the same about other accounts all over the place.

Hey, it was using the email of a domain that expired...therefore I am entitled to it.

Where is the line? Can I steal someone's YouTube account because their domain expired?

Not only is this unethical, it is quite possibly illegal. It is not your property to transfer.

Brad
Even though we do want to send it back to the rightful owner, how the hell could we trace down the real owner?

Another angle is, since a domain is related to a registration period, everything tied to the domain should be counted the same. You don't pay the renewal, you no longer have any right to the domain ^_^
 
0
•••
Why should you be guessing? Just set the catch-all and then sit down and wait for Twitter to send an email notification.
Because in order to send a password reset, you need to know the current email address. Don’t argue with someone who has done this many many times.

Some accounts have what’s new email notifications turned off.
 
0
•••