It’s time to emphasize, once again, one important action for domain investors:
Enabling two-factor authentication when your domain registrar allows it can save your domains.
In the case of a newly disclosed domain theft, 25 four-letter (LLLL) .com domains were stolen from a GoDaddy account.
Their owner used two-factor authentication for a while, but apparently the SMS messages would take a long time to arrive in his country.
Delays in SMS delivery are yet another issue; domain registrars such as Uniregistry, Name.com and eNom use the Google Authenticator app, while Fabulous.com offers a USB fob.
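Authenticator apps avoid the SMS delay because the code is computed on the device from a shared secret and the current 30-second time step (TOTP, RFC 6238), so nothing has to be delivered at login time. The following is an added illustration, not code from the article or from any registrar; the key is the RFC 6238 test key, constructed here for demonstration, and the verifier accepts one time step of clock drift either side.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code, the interval Google Authenticator uses


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time step."""
    return hotp(key, at // step, digits)


def verify(key: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Server-side check: accept the current step plus `window` steps either side
    (tolerates small clock drift), comparing in constant time to avoid leaking
    how many digits matched."""
    for drift in range(-window, window + 1):
        expected = hotp(key, at // STEP + drift)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def provisioning_secret(key: bytes) -> str:
    """Base32 form of the secret, as typed into or QR-scanned by an authenticator app."""
    return base64.b32encode(key).decode().rstrip("=")


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 6238 test key (constructed demo value)
    print("app secret:", provisioning_secret(key))
    now = int(time.time())
    print("current code:", totp(key, now), "valid:", verify(key, totp(key, now), now))
```

A code is only accepted within roughly a minute of being generated, so a stolen code is far less useful than a delayed SMS code with a multi-minute validity window.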
The stolen domains were moved to registrars Namesilo and 22.CN in China – the latter, hardly a surprise.
Here is the list of stolen domains:
Do not buy these domains, they are currently in the possession of a thief!
The real problem is that hackers just break into a registrar’s server and move domains from it to another (by breaking in, too), without the hassle of logging in or 2FA. Totally without any fault on the side of the losing domain holder.
Domain Observer – As far as I know, this only happened with Moniker last year. The vast majority of domain theft occurs by using phishing emails. Two factor authentication is a must.
What I am saying is hackers do it without phishing emails because they don’t follow the log-in process. Why should they need a password to break in? They simply break into an apartment without a key, in other words. I am sure technicians know this, but don’t speak openly.
Domain Observer – As I explained, this occurred (confirmed) with the mass breaching of Moniker accounts, last year. The onus is on the registrant to ensure they don’t fall prey to phishing emails & to enable two factor authentication – that’s how 99% of domain thefts occur.
I am the guy who actually suffered from this kind of domain stealing several years ago (perhaps 5-6 years ago, I don’t exactly remember). There were no phishing emails to me and I usually don’t open strangers’ emails, let alone click links in emails.
I even don’t click any link in emails from my domain registrar. Domain registrars should stop this practice.
Which registrar was it? How did you confirm there was a security breach at their end?
It was one of the Asian registrars. I don’t want the name to be disclosed at this point in time because it has something to do with their business reputation, and they helped successfully recover my domain anyway. There was no notice from the registrar to me about the domain transfer, which there should be in a normal transfer case. They didn’t even know my domain was transferred from my account until I told them. And I never used my ID and password in any case other than logging into the registrar’s own website.
Thanks for making this public