Updated November 13, 2024
Someone stole the domain name Perl.com. They thought it was just a domain name snafu, but in fact it was stolen, transferred from one domain name registrar to another without the owner’s permission.
I am seeing more and more domain names get stolen recently, especially as the value of domain names goes up. This has been a trend over the past few years, and that’s why I’ve written this post. Some domain names are selling hundreds of thousands of dollars. But that’s not that important if you’re domain name is stolen and your website is down, you’re losing business, and you no longer have access to your email. So, it’s imperative that you protect this valuable digital asset that you own. If you suddenly find that someone stole your domain name from you, then you need to act quickly. The longer you wait the more difficult it will be to recover. Here’s what you need to do if someone stole your domain name.
Lots of Stolen Domain Names are Inside Jobs
In many cases of stolen domain names, the person responsible for the theft is someone familiar to the organization. For instance, a recent situation involved the Chief Technology Officer (CTO) of a company who had access to all the company’s login credentials, including its domain registrar account at GoDaddy. The CTO, for reasons of his own, logged into the company’s account, transferred the domain name to himself, and claimed sole ownership. He then demanded $50,000 from the company to return the domain name. This is a form of cybercrime, involving both the theft of the domain name and extortion.
If you find yourself in a similar position, where someone like a former employee, vendor, or web designer has taken control of your domain name, the domain registrar is unlikely to help you retrieve it. In the case of a known individual, the registrar may view it as a legal issue rather than a technical one. To resolve this, you would likely need the assistance of a third-party service, such as DNAccess.com, or an experienced domain name attorney to handle the legal process and recover the domain. Taking proactive steps, such as tightening access controls, can help prevent this type of theft.
Be Wary of Giving Your Web Developer or Designer Access
Please, please please be wary of any web designer, web developer, SEO firm, or digital marketing agency that is asking for the login information to your domain name registrar. Web Desgigners don’t need access to your domain name registrar account in order to design your website and put up your website. In fact, they only need to tell you where you need to “point” the domain name, and those are settings in the DNS on the domain name. You may trust your web designer to log into your domain name registrar’s account, but it’s a huge security risk. Not all web designers, SEO firms, or agencies are untrustworthy. But, I’ve dealt with way to many stolen domain names where the web designer was given access to a GoDaddy account (or another registrar account), and they transferred the domain name to themselves, essentially stealing the domain name. Then, later on, they’ll own YOUR domain name, and will want $thousands$ to “give you back your domain name”. When someone steals your domain name, especially like this, it is a cybercrime, and should be treated as such. It could also lead to being extortion, as they are asking for more money just to return something that’s yours in the first place: your domain name. You should always own your domain name, no one should ever own your domain name. Especially if they’re building a website for you. If you don’t like the website, or they’re asking for more money, and they’re holding your domain name hostage, you can’t simply just point your domain name to another website provider–because you don’t own your domain name. As I mentioned, please be wary of anyone who wants access to your domain name registrar account.
Domain Name Theft is a Big Problem
Domain name theft, people stealing domain names, is a much bigger problem then a lot of people realize. In the past 3 years of working on stolen domain name cases, nothing amazes me anymore–because there are so many ways that someone can steal a domain name. Sometimes it’s because of a lack in security practices–such as someone getting into your email (i.e., Gmail, Outlook, etc.) account, and you not having that secure. But other times, access is given to a web designer, web developer, SEO, or even an employee. I’ve even recovered stolen domain names for clients whose cell phone suffered a SIM-swap from a cell phone company employee. When this client (a celebrity) went to upgrade his phone, the phone provider’s employee copied the SIM card in the back of the store, and proceeded to steal all of the celebrity’s domain names. Whatever the case, I can’t emphasize enough that your domain name is one of your most valuable assets: you rely on it for email, for your website, and it could be a very valuable domain name. But most people and companies do NOT take enough security precautions to protect this valuable asset. Here’s an example.
I got a call from a business owner who owned a fashion brand. She had a store in New York City and in Los Angeles. Each store had its own ecommerce store and sold clothes online, as well as fashion accessories. The New York City’s domain name got stolen. The Squarespace account was accessed without permission, the domain name transferred out to another domain name registrar. Luckily she noticed that the website was down, found DNAccess.com, and I was able to get the domain name recovered and the website back up and running in about a week. Yes, it took that long to go through the lengthy process of waiting for another domain name registrar to do their job. We had the necessary paperwork signed, notarized and submitted within hours. But the domain name was stolen, and the business owner lost about $100,000 of sales in the week the website was gone. Emails didn’t work either, so the business owner doesn’t know how many opportunities were lost for her fashion brand.
Below I’ll go through the process of what you need to figure out first if your website is down and your domain name is not in your domain name registrar account. Then I’ll give you the resources and additional information about recovering a stolen domain name. Of course, if you have any questions at all about domain names, stolen domain names, or what you need to do, get in touch ASAP. The time is of the essence here: the longer it takes for you to do something the more difficult it is to recover your stolen domain name.
Is Your Domain Name Really Stolen?
First, you need to figure out whether or not the domain name is really stolen or not. What determines whether or not it has been stolen is the status of the domain name. You must register your domain name and renew it every year. If you don’t pay the annual renewal fee, then it will expire. Once a domain name expires, it will be in a ‘holding period’ where you have a chance to renew it for an additional fee. After that period of time, the domain name will eventually “drop” and become available on a first-come first-served basis for anyone to register it. If someone else register it, the domain name is no longer “your domain name”.
Process for Expired Domain Names
A domain name, when it is not renewed by its current owner, goes through a process before someone else can register the domain name. Here is the process:
- Domain Name Expires, it was not renewed.
- Domain Name is on hold, owner can pay a fee to get it back.
- Domain name is in a “pending delete” status.
- Domain name “drops”, and is available for anyone to register.
That is the overall process, and it takes about 90 days to go through that process. If the domain name gets to the “drop” date, there is an actual date and time (and second) when the domain name is available for anyone to register. Some domain name registrars will sell the domain name to the highest bidder before it gets to the final stage.
Domain Name Theft
Theft of a domain name occurs when a domain name has been renewed, and is not currently expiring and has not expired. Someone, the domain thief, will somehow gain access to the account at the domain name registrar, where the domain name is registered. Let’s say you’ve registered your domain name for 5 years into the future (which is recommended), and someone gains access to your account, they transfer the domain name to another account, and then they transfer the domain name to another domain name registrar. Is the domain name stolen? Has someone stolen my domain name? Yes, it is stolen.
Domain Name Theft is On the Rise
In the past several weeks, I have witnessed several domain names that I can confirm were, in fact, stolen from their owners. These valuable domain names were stolen, and as of writing this post, none of them have been recovered and returned to their owners:
- Perl.com – stolen around Jan 27 2021 (recovered)
- Neurologist.com – stolen around Jan 27 2021
- Chip.com – stolen around Jan 27, 2021
- Patterns.com – stolen around December 8, 2020 (recovered but then stolen again!)
- Piracy.com – stolen around December 8, 2020
- ChampionshipRings.com – stolen in December 2024
- Two-letter domain name (domain not being disclosed at this time).
- For a full list of confirmed stolen domain names, see ConfirmedStolen.com. The list is updated regularly.
All of these domain names were stolen by a domain name thief. What I suspect is that the domain name thief gained access to the domain name registrar account(s) involved and then transferred the domain names to another domain name registrar. In some cases, they will change the ownership record so that it shows that the domain name is under “privacy“, and the contact details are hidden. Then, once they transfer the domain name to another domain name registrar, they will un-hide the domain name ownership details and put the ‘old’ owner details in place of the private details. That way it “looks like” they original owner still owns the domain name, but the domain name is in the thief’s account. In all of the cases listed above, the domain name thief has tried to sell the domain names for about 10 percent of what they are actually worth. They’ll list them on websites such as Afternic.com and Sedo.com.
Why People Steal Domain Names
Why do thieves steal domain names? There are several reasons, but it’s mainly money. I believe they see it as a way to do something that they will profit from. They will hack into an account, transfer the domain name to themselves, and then sell the domain name. They’ll list it for 10 percent or 20 percent of the value of the domain name. Other reasons why people steal domain names is revenge, blackmail, and other nefarious reasons. For example, in many cases that I see, web designers, web developers, and former employees will have access to the domain name registrar account–and they’ll transfer the domain name to themselves, thus stealing the domain. Then, they’ll use blackmail to tell the domain owner that they must pay them more money to get their domain name back. Most domain registrars won’t get involved if you know who stole the domain name: they say it’s a civil matter.
What To Do If Your Domain Name is Stolen
If your domain name is stolen, then, as I mentioned, make absolutely positively certain that you didn’t fail to renew the domain name. Log into your domain name account at the registrar and see if the domain name is still in your account there. Look in your email (such as your spam folder) to see if you have received any emails about renewing the domain name. If you haven’t, and you are certain that it has been renewed for at least a year in the future, then contact the domain name registrar. Check the WHOIS record. Make sure that you don’t still own the domain name. If you want to investigate what happened yourself, you can look at the WHOIS archived records (several services offer this service, such as Domain Tools and DomainIQ). If it’s stolen, then you should contact your domain name registrar.
How to Check who Owns a Domain Name
You can check who owns a domain name currently, by looking up the of that domain name. There are several websites, including these, where you can find the current owner:
- Domain Tools – https://whois.domaintools.com/
- ICANN WHOIS – https://lookup.icann.org/
- GoDaddy WHOIS – https://who.godaddy.com/
- DomainIQ – https://www.domainiq.com/
Stolen Domain Name Checklist
If your domain name is, in fact stolen, there are things that you need to do right away. Don’t wait, don’t even wait until “tomorrow” to do it. Here’s my checklist if your domain name is stolen:
- Check the WHOIS record to see who owns the domain name now.
- Make sure the domain name didn’t expire and just needs to be renewed.
- Log into your domain name registrar account. See if the domain name is there.
- If the domain name is not in your account, contact your registrar using their support system.
- Work with your current domain name registrar to see if they will help recover the domain.
- Contact me and let me know that the domain name is stolen. I keep a list of stolen domain names.
It should only take up to a few days for the domain name to be properly restored in your account at your registrar if it was stolen. The domain name does need to be transferred back to your domain name registrar, so that can technically take up to 5 days for that to happen. But, if you’re not happy with how quickly it’s going, then you need to escalate it.
In the cases of the premium domain names I mentioned earlier that were stolen, a few things happened. A few of the domain names were part of a security breach that occurred at the registrar about a year ago, and the domain name owner(s) just noticed, months later, that they no longer owned the domain names. Someone had used the compromised data (user ID and password) to gain access to the account and transferred the domain name(s) to another registrar in China. With the other domain names, my understanding is possibly the domain names were socially engineered via web chat, and the registrar was presented with fake ID and documents to prove ownership. Those are two different ways that domain names can be stolen. I don’t know for certain that those are the ways that these domain names were, in fact stolen.
Protecting Your Domain Name
There are several ways to make sure that you protect your domain name from being stolen. Protect the domain name at your current registrar, move it to a more secure domain name registar, and take advantage of all of the domain name protections that the registrar offers.
- Register your domain name for at least 5 years in advance. This way there will be no question as to whether or not it expired or not. If expires soon, then it’s possible that a credit card won’t go through, you might not get a reminder, or another clerical issue could come up.
- Use Domain Lock, Executive Lock, or whatever the domain registrar calls that feature. The domain name cannot be transferred unless it is unlocked. Some registrars offer a service that allows you to give instructions. For example, you can tell them to call a certain phone number or you must give them a certain password before it can be unlocked.
- Implement 2FA (2 Factor Authentication) on the domain name. While this is not fail-proof, it can help secure the domain name. Someone cannot log into the account unless you get a text message with a code, for example.
- Move to a more secure domain name registrar. Some registrars keep getting their domain names stolen, and they are using 20-year-old technology and systems for their back processing. Some registrars are just more secure than others.
If someone stole your domain name, then you will lose access to email, your website will go down, and you’ll lose that digital asset that quite possibly be very valuable. Unfortunately I’m seeing more and more domain name thefts occur recently, and it’s time to make sure that your domain name is protected.
Recovering Your Stolen Domain Name
Let’s look at the story of the domain name Patterns.com, which was stolen from the owner’s Network Solutions domain name registrar account. I detailed what happened here in this post. But, essentially the domain name was stolen–my service/company stepped up to the plate and, after several attempts to recover the domain name without taking “legal” action, they worked with Epik.com’s legal team to file a UDRP domain name dispute to recover the domain name. Sometimes this is necessary (the filing of a UDRP). The outcome of the UDRP was that the owner had been doing business with that domain name and had a “commonlaw trademark”. And, the panelist mentioned that the domain name was obtained “through fraudulent means”. Meaning that they stole the domain name.
I’m the former Director of DNProtect that provided stolen domain name recovery services, having recovered hundreds of domain names for clients. I now run DNAccess.com, providing the same stolen domain name recovery services. I’ve personally recovered over 500+ domain names for clients in the past year.
When it comes to domain name recovery, you can’t just rely on your domain name’s registrar’s customer support to handle this for you. You need to get to the right people at your domain name registrar quickly: you need someone like myself that has the personal contacts at domain name registrars, and knows the processes and procedures intimately so that you can get your domain name back quickly. Contact me or Hartzer Consulting to get your domain name back.
The Dark Side of the Domain Name Industry
Interested in learning more about the dark side of the domain name industry? I’ve written a post here that covers the dark side of domain names. I spoke about the Dark Side of Domain Names at the NamesCon conference in Austin, Texas, held June 5-8, 2024.
FAQs about Domain Name Theft and Recovery
What is domain name theft?
Domain name theft occurs when someone gains unauthorized access to your domain registrar account and transfers the domain to themselves. It often involves cybercrime tactics such as hacking or social engineering.
How can I tell if my domain name has been stolen?
You can verify whether your domain name has been stolen by checking if it’s still in your domain registrar account and reviewing the WHOIS record for any changes in ownership.
What should I do if my domain name is stolen?
Immediately check the WHOIS record, log into your registrar account, and contact your registrar’s support system. If necessary, seek the help of a domain name recovery service like DNAccess.com.
Is domain theft common?
Yes, domain theft is on the rise. Many cases involve hackers or individuals with inside access, such as employees or web designers, who misuse login credentials to transfer domains illegally.
How long does it take to recover a stolen domain name?
The recovery process can take a few days to a week, depending on the registrar and legal processes involved. In some cases, filing a UDRP (Uniform Domain-Name Dispute-Resolution Policy) may be necessary.
What are the risks of not recovering a stolen domain quickly?
You may lose access to your email, website, and other digital assets. Additionally, the thief may try to sell your domain, causing financial losses and disruption to your business.
How can I protect my domain name from being stolen?
Register your domain name for at least five years, use domain locks, enable two-factor authentication (2FA), and consider moving to a more secure domain registrar.
What can lead to domain theft?
Common causes include weak security practices, compromised email accounts, SIM-swaps, and giving access to trusted individuals like employees or web designers without proper controls.
What is the process for recovering a stolen domain name?
Recovery involves verifying ownership through WHOIS records, contacting the domain registrar, and potentially working with legal services or domain recovery experts like DNAccess.com.
Why don’t domain registrars get involved in disputes over stolen domains?
Most domain registrars view domain theft as a legal issue, especially if the thief is a known individual like a former employee. They may require legal action to resolve the situation.