Domains Were Stolen In Enom, What Should I Do?

[actnow]

All registrars should keep track and supply IP addresses that logged in.
Gmail and most of the hosting companies display the last couple ip addresses that logged in.

I have complained to Enom about not having this info readily available.
I don't think they care.

Why doesn't Enom offer 2 step authentication?
Because, customer satisfaction and safety are not a priority.

 

[jrzeygirl]

Umm... YES, we do care actnow! It was proven there was no foul play regarding these domains and the transfers out of eNom were in fact legit.
We do offer additional security (on the back end) called Account Level Access Controls. Feel free to contact me directly for more information.

 

[Theo]

It's not just eNom, every registrar that loses the assets of a client through an infiltration of their system can be held liable for the loss. Thus, such info can only be subpenaed with a court order. This is 100% the fault of the bureaucrats at ICANN.

 

[Theo]

Bari, what exactly is a legit transfer out? That the thief had full access to the credentials to the account? That's like saying that a car was stolen from the curb by using a copy of the owner's keys.

 

[Theo]

Another reason there needs to be a stronger definition of 'ownership' of domains. There should be titles issued, that would lock any domain to a person or company and without which no transfer out from a registrar would be legitimized.

In this case here, you have an owner who lost a considerable amount of assets telling you the domains were stolen, how can you tag the transfer out as legit?

 

[jrzeygirl]

Theo - When I said "legit transfer out" I meant that the account was logged into using the password and the transfer validation emails were in fact, authorized.

 

[jrzeygirl]

Theo - When I said "legit transfer out" I meant that the account was logged into using the password and the transfer validation emails were in fact, authorized.

 

[Theo]

Yes, I fully understand that, hence my car example. So someone got hold of the credentials, passed all security questions with flying colors and transferred the domains out. But it wasn't the owner.

 

[wappy]

Mr. Brett help me to file the complaint to court. I just heard that the similar thing happend just two days later after my loss. The thief log in the owner's account, also with security questions, push to another acoount and transferred to Godaddy. It should be the same theif. We both doubt how they can know our secutiry answers. Now there are some "bad rumors" of eNom in our invenstor's group. So be careful.

 

[Millering]

The recent cases are that domains were stolen/pushed to another account of ENOM first, then transferred away to another registrar. The transfer away seems legit, but the domain push to another account wasn't and ENOM just doesn't care. This is ridiculous .

 

[katherine]

Theo - When I said "legit transfer out" I meant that the account was logged into using the password and the transfer validation emails were in fact, authorized.

The registrars could should be as paranoid as Paypal. If you always log in from the same country, and suddenly 'somebody' logs in to your account from a Chinese IP address, and initiates a domain transfer request - this should raise a red flag.
I thought outgoing domain transfers might be scrutinized a little bit, at least the dodgy requests.

 

[jeffhuang]

wappy, I'm sorry to hear that you had to start a law suit. I had same experience with you. eNom didn't help me at all. Their conclusion 'the transfer were valid' is a great news to the thief. If eNom is keeping doing things in this way, there would be more and more criminal activities happen in the future, and there would be more and more victims.

Anyway, please share your progress in this post. We'd love to hear from you. Good luck!

 

[katherine]

But the lawsuit didn't shed any light on the exact circumstances under which the theft took place ?