A GoDaddy customer and veteran domain investor, has shared details of losing 29 aged domains to a hijacker, and dealing with unhelpful representatives when he tried to address the issue.
The following domains were listed as stolen from the customer’s GoDaddy account:
zantar.com, zata.com, yetta.com, podz.com, wingdale.com, prosaic.com, petlease.com, onesec.com, onlinemed.net, onlinebrain.com, namedom.com, millerton.com, microgirl.com, mentax.com, jenil.com, interactivebrain.com, ihopi.com, hoppie.com, harlemvalley.com, futuretrip.com, fanax.com, falconwood.com, fagat.com, eyebrowdesign.com, doverplains.com, dogtail.com, cloneclothing.com, adsec.com, acals.com
Said the domain theft victim:
I became aware of the situation when I noticed two of my 450+ names registered at Godaddy were ‘not available’ for changes, but listed on my account.
I called Godaddy – this was April 23 – and they actually told me, over the course of an hour conversation, that 29 of the domains had been moved out of my account. 21 were still in other Godaddy accounts.
They also said that someone had ‘hacked into’ my account several times and changed my passwords – which is why I had been having sporadic difficulty logging in over the course of several months.
Domain hijacking went rampant in 2015, with cybercriminals launching spear-fishing email campaigns to exploit an ICANN mandate for email verification.
The domain hijacking victim did not mince his words about how GoDaddy representatives handled his case:
Our attorneys have already contacted Godaddy. And the extremely rude Godaddy customer service supervisor I spoke with, who yelled at me on the phone that he ‘just had a call like this with another customer’ told me to get a warrant to get an answer to the question- does Godaddy HAVE the IP addresses – not can you GIVE me the IP addresses.
You’d think that after doing a great deal of business with a company over many years that they would be a bit more helpful.
Seems like this may be happening to quite a few of Godaddy customers.
With GDPR ante portas, it is expected that domain hijacking incidents will increase. Researchers will not be able to extract valuable information on domain thieves and stolen assets.