strategy Unlock valuable social media accounts

[redemo]

Ever researched a domain name and found the Facebook, Instagram, TikTok, Twitter or YouTube account already claimed but not updated for 10 years? Well I recently bought a domain name and tested something. After purchase I created a catch-all e-mail account then sent a password reset request to Facebook, Instagram, TikTok, Twitter or YouTube. Four of them failed but one succeeded and I was able to claim a valuable social media account. Valuable because it has over 5000 followers and is a very popular hash-tag. It's hit and miss but you might want to try it and see if you get lucky. Cheers.

 

[redemo]

Many half-intelligent people were aware of this email catch-all 'loophole' over a decade ago.

Ethical people won't act on it, and most unethical actors wouldn't be silly enough to publicly boast about it while enticing others to do the same.

I backed you when you first joined NP because you stated that you wanted to teach people, but this is unethical behaviour and information that I do not want to see disseminated on this forum!

Some would say registering a social media account and not using it for ten years, but essentially squatting in it, is unethical. But I take your point.

 

[redemo]

What a polite way to pass your opinion across. Since you clearly didn't understand what I said, I will explain it again.

For you to reset your password on Facebook, Twitter, and Tiktok, you need to provide the email address that is registered with the account. If for example, the email linked to a Twitter account is [email protected], you won't be able to reset the password if you can't remember and provide the email address exactly as [email protected]. It doesn't matter if you own the domain 'namepros.com' and created a catch-all email for it.

My regards to people on planet earth.

No dawg, you are still in orbit and have not landed on the green and blue planet yet. Here is the scenario. One you register a domain name. Two you create a catch-them-all email account. Three you find your exact-match social media accounts like twitter.com/domainname or facebook.com/domainname. Next you request a password reset to the USERNAME of the account. NOT the E-MAIL ADDRESS. Finally the password resent link is sent to the e-mail address of the domain name like [email protected]. When you receive the reset link the header will show you the e-mail address sent to. All you need to do is create this email address and re-request the reset link. You'll then be able to reset the password and gain access to the account IF it didn't have a phone number attached to the account upon registration. I'm not saying it's ethical or legal. I'm half-half on the ethical question especially after @CraigD's reply but I hate social media handle squatters. Also not a lawyer. Just sharing something I did. Again, anyone who is against this can report it to all the social media companies in order for them to change it. Doubt you will though. That's how we roll on planet Earth.

 

[redemo]

Morally it's in the grey area, legally it's just straight up illegal. I understand the 'abandonware' sort of argument but in the eyes of the actual law this is 100% illegal, even if the account uses an email that ends in your newly registered domain. Recovery theft.

Are you a lawyer ? Please share a link to the law or don't make comments you can't back up with fact. Cheers.

 

[MasterOfMyDomains]

Essentially squatting lol

 

[Croc]

This can only work on Instagram because they don't ask for email address when you're trying to reset your password. They just send the request to the associated email address. But then, the person must be using an email address that ends with your domain before you can receive the mail.

The other social media won't work as you need to provide the email address linked to the account whose password you're trying to restore.

This isn't true. I've gained access to multiple Twitter accounts tied to custom expired domains by doing a little cross-referencing on Google to make an educated guess of the email address, which 9 times out of 10 is correct.

 

[IMEZI]

Creating a catch-all email is useless if you can't provide the exact email address that was used in the first place.

Then do your homework by stalking those social media account sometimes they were slipped and mentioning their own email address LOL. You really didnt know the method right? by creating catch all email forwarder then you could sit by waiting for any kind of email notification from the social media account and then BOOM suddenly you know exactly the email address for resetting the password LOL

 

[IMEZI]

This isn't true. I've gained access to multiple Twitter accounts tied to custom expired domains by doing a little cross-referencing on Google to make an educated guess of the email address, which 9 times out of 10 is correct.

why should you guessing? just set the catch all and then sit down and waiting for twitter sending email notification.

 

[IMEZI]

That's a bunch of BS. You could say the same about other accounts all over the place.

Hey, it was using the email of a domain that expired...therefore I am entitled to it.

Where is the line? Can I steal someone's YouTube account because their domain expired?

Not only is this unethical, it is quite possibly illegal. It is not your property to transfer.

Brad

Even though we do want to send it back to the rightfull owner but how the hell we could trace down the real owner?

Another angle is, since domain is related to registration period then everything tied to domain should be counted as the same. You dont pay the renewal you were no longer have any right to the domain ^_^

 

[Croc]

why should you guessing? just set the catch all and then sit down and waiting for twitter sending email notification.

Because in order to send a password reset, you need to know the current email address. Don’t argue with someone who has done this many many times.

Some accounts have what’s new email notifications turned off.