One of Our Customers' Domain Names Was (Almost) Stolen

Posted on Thursday, July 9th, 2015

One of our customers narrowly avoided completely losing their domain name.

Their domain was a short, 4-letter .com: a high-quality domain name that they had paid a 4-figure sum to own.  Stolen.

Actually stolen.  Only by the grace of God did they end up getting it back.

Here’s the story of what happened, how it was discovered, and how they managed to get it back:

We have a problem…

One day we logged into the customer's hosting account (where their domain was also registered), only to discover that some of the account information appeared to be "off".  We contacted the customer by phone and asked whether they had made these changes, and they said they had not.  We advised them that this was dead serious and an urgent issue, because if they weren't making the changes, then their account was in jeopardy.  At that time, we thought their website might be getting hacked (we weren't yet aware that their domain name was also registered there).

The domain is gone…

We stayed in fairly steady contact with the customer, who, after contacting their host provider, discovered that the domain name was already in the middle of a transfer to a different registrar (GoDaddy).  With access to both accounts – the customer's hosting account and a GoDaddy account of their own (which the bad guy had) – an attacker has everything they need in order to transfer a domain name.

The effort to get it back…

The customer assigned one of their staff members to resolving this full time.  He ended up spending nearly a month, full-time, working on the problem and finding a solution.  They contacted the FBI, GoDaddy, and their host provider – anybody who might have the authority to stop or reverse the transfer.

GoDaddy agreed to “freeze” the domain when it arrived, and not allow it to be pointed to different hosting or email.

The FBI couldn’t do much at all to help.

The host provider (who we do NOT recommend) was essentially non-responsive.

Who’s responsible?

And guess what? The customer asked us a lot of questions that suggested they thought we might have been responsible for their account information being leaked.  Thankfully, at that time we had solid practices in place for securing our customers' sensitive credentials, and we could say with confidence that there was no way we had leaked the information.

Finally getting it back…

How did they finally get the domain back? The answer is surprising: social media.  The customer, after literally a month of working every angle they could think of with no result, finally made a move that got their domain back.  They had built a decent social media following, so when they called out the CEO of their hosting company via Facebook, they got some attention.  Within minutes of the post, the hosting company became very responsive, worked directly with GoDaddy, and got the domain name back (it HAD been successfully transferred, but thankfully GoDaddy had "frozen" the domain while this was being resolved).

How did it happen?

And how did this all happen? After defending ourselves and explaining our security practices, the customer seemed satisfied that it was not us who had leaked the information.  And after doing some more digging, they discovered how it had been leaked:

One of their staff was traveling overseas.  Working on his computer, he was emailing with the home office.  They emailed some sensitive information, and their emails were intercepted by a bad guy.  With just a couple of pieces of sensitive information, plus the wealth of information you can get from the internet, that bad guy had everything he needed in order to (almost) steal their domain name.