news 34 domains has been stolen from eNom to eName (China)

[toho]

Hi, all.

Must careful your own numeric domains.

I just found when I renew domains.
My 34 domains has been stolen from Chinese registrar.
I requested investigate this matter and process to eNom

I did not accept any transfer request from eNom.

34 domains are below.

1176.com 7/27/2015 2:53:17 AM
5128.com 7/27/2015 2:53:17 AM
9530.com 7/27/2015 2:53:17 AM
1084.com 7/27/2015 2:53:17 AM
1089.com 7/27/2015 2:53:17 AM
1093.com 7/27/2015 2:53:17 AM
1094.com 7/27/2015 2:53:17 AM
1136.com 7/27/2015 2:53:17 AM
1139.com 7/27/2015 2:53:17 AM
1142.com 7/27/2015 2:53:17 AM
1146.com 7/27/2015 2:53:17 AM
1152.com 7/27/2015 2:53:17 AM
1154.com 7/27/2015 2:53:17 AM
1162.com 7/27/2015 2:53:17 AM
1163.com 7/27/2015 2:53:17 AM
1167.com 7/27/2015 2:53:17 AM
1169.com 7/27/2015 2:53:17 AM
1173.com 7/27/2015 2:53:17 AM
1207.com 7/27/2015 2:53:17 AM
2363.com 7/27/2015 2:53:17 AM
2002.net 7/27/2015 2:53:17 AM
1265.com 7/27/2015 2:53:17 AM
359.net 7/27/2015 2:53:17 AM
197.net 7/27/2015 2:53:17 AM
3dj.com 7/27/2015 2:53:17 AM
4163.com 7/27/2015 2:53:17 AM
0690.com 7/27/2015 2:53:17 AM
1478.com 7/27/2015 2:53:18 AM
2003.net 7/27/2015 2:53:18 AM
1111.net 7/27/2015 2:53:18 AM
1208.com 7/27/2015 2:53:18 AM
3051.com 7/27/2015 2:53:18 AM
1803.com 7/27/2015 2:53:18 AM
489.com 7/27/2015 2:53:19 AM



toho

 

[domainoid]

again? domain theft happens quite often with the same path:
stolen from enom >> ending up with ename.cn

 

[toho]

It has been found at early stage , but eNom response is very slow.

 

[katherine]

I wonder if the theft was perpetrated through that old bug @ enom.

 

[toho]

3rd August, 6 more domains transfer out without any notification.

dinx.com 8/3/2015 2:56:04 AM
myin.com 8/3/2015 2:56:04 AM
newbox.com 8/3/2015 2:56:04 AM
ww9.com 8/3/2015 2:56:04 AM
xinhai.com 8/3/2015 2:56:04 AM
pande.com 8/3/2015 2:56:05 AM

Of cause I changed PW after I know stolen.
Also eNom answer me below at 31th July.

*****************
Response Transfer Disputes via Email 07/31/2015 01:13 PM
Hello,
Thank you for contacting us. We have opened an investigation into this matter.
Our first step has been to send an inquiry to the domain's current registrar, eName.com, to retrieve the Form Of Authorization (FOA) so that we can review the specifics of the transfer.
Once that has been received, we will update you.
Regards,
Transfer Disputes
******************

They wrote "We have opened an investigation into this matter"
But 4 days later 6 more domains transfer out from my eNom account.
Stolen more.

Disappointed.

Nothing have credibility.

If you have same problem, how to do?


toho

 

[katherine]

Judging by recent cases, ename are not very cooperative.
I already expect the predictable outcome: the transfer has been duly authorized (not by you of course), nothing to do. Enom will probably not go the extra mile.

You might have to appoint a lawyer to subpoena the registrar in order to obtain the login IP addresses. I don't even think Enom will give you this information... why not, it's your user account after all.
Then maybe you'll have to go to court, possibly obtain an injunction to be enforced at the registry itself.

Good luck !

 

[domainoid]

most of your domains are quite valuable. you have a nnn.com even. and so many nnnn.com, some nnn.net.

there is at least one more case not too long ago right here on dnf where enom did what she said, in the end they claimed the transaction was legit. that domainer always said he never authorized it.
go to the legal section on dnf and hire a domain lawyer right away, do not wait!! your loss will be well over a million dollars if you lose these domains just by looking at your list. good luck.

 

[Theo]

Dear Satoshi, it's crazy seeing so many valuable domains stolen. Check your email please.

 

[together4forever]

This is actually insane!!! Did u take up the matter with a legal advice

 

[domainoid]

thank god i don't have any domains worth much with enom right now. they've been on the wrong side of the domain news for quite some time now. always as the registrar domains were stolen from, on their way to ename, where else? and again enom is doing nothing blaming the owner and they'll probably conclude it was a legit domain transaction once again.

toho -- i told you to hire a domain lawyer. there is plenty of good ones on dnf. have you done that? can you also share with us what ip address(es) enom is showing for the person who took the domains? you must force them to disclose that NOW. there is a lady here who represents enom, you ought to contact her. (she's on the enom section posts).
-- the theft includes 489.com for heaven's sake. you could retire on that domain alone. and all those 4N.com. i'd fight this for years if i had to.

 

[TheLegendaryJP]

Sorry to hear this Toho, if I am not mistaken hasn;t this happened to you and friends many times before?

Maybe you are targeted.

 

[Mr. Deleted]

You all need to update each domain's passwords. If you don't, you can have people access them via http://access.enom.com/.

 

[Theo]

You all need to update each domain's passwords. If you don't, you can have people access them via http://access.enom.com/.

That was allegedly the issue with domains that were assigned an individual password. While eNom never confirm this, the issue was patched.

 

[Mr. Deleted]

That was allegedly the issue with domains that were assigned an individual password. While eNom never confirm this, the issue was patched.

I know I had a domain that was in a friend's account years ago, that I was able to access by using that link.

 

[Theo]

That link requires a preset password. It can't be a blank. Have you notified Bari?

 

[Mr. Deleted]

I just logged into one of my enom account domains via access.enom, and can edit contact information Etc., but not sure about how to access the auth codes now, I assume that is what you mean by a bug in the system, that you could get a domain's admin changed and get their auth code?
 
That was a password I had set previously, but that was years ago. Today, the only things you can edit is contact/ dns type stuff, not steal the name.

And there is no option there to get the auth code, so even if they could get this far, they would need to have access to the main account to get the auth code.

 

[Theo]

When you have a reseller account, you'd create an account for a domain you sold (temporary or permanent) and give that info to the buyer. Access.enom.com is for that purpose. So any domains that had their temp passwords unchanged still provided access. AFAIK, that method asks for no other verification e.g. two way auth either.
 
The problem is when these passwords were very easy to guess. The captcha was added at some point to reduce the number of brute force attacks from what I understand. Not sure what is eNom's position in all this.

 

[Mr. Deleted]

I can tell you one thing, Namecheap has a similar bug in their system, although when I told them, they changed it somewhat, but you can still change dns on domains you push, if you give a 3rd party account editing rights before you push it...

 

[domainoid]

quite clear enom has too many holes in their security. enom resellers who use enom as registrar must be avoided as well. looked for a thread where the domainer who had very valuable names stolen from his enom account was told in the end by enom that they found the transfers or illegal pushes out of his account "legitimate".

--but here are two threads worth reading. enom and moniker now the two registrars you must stay away from.

https://www.dnforum.com/threads/enom-sucks-stay-away-from-enom-enom-reviews.530581/
https://www.dnforum.com/threads/domains-stolen-do-not-buy.527365/

 

[clicktech]

Hi, poor Toho,
May you update that have you sued doster.com on CM.com and the result?