SukiNET
05-25-2006, 09:15 AM
Hello,
Roughly TEN months ago, my NameAlerts account was hijacked by a malicious user. I immediately emailed NameAlerts, who never responded. The sites then either expired and were instantly grabbed by the "spam revenue pointers", or renewed by the user and pointed elsewhere, or sold on for what I presume to be quite a tidy profit.
Tried going through Enom, but they were bloody useless, started quoting the UDRP and trademark resolution.
I emailed NameAlerts again today with a harmless question, "Forgot Password!" - They responded within 3 minutes. Suffice to say I responded with a very lengthy email.
Their response?
Here's some select replies from the banter back and forth.
Every email that you sent in January was replied to, however no reply to our enquiries was received from you. We have copies of our replies on file.
Yes, because Gmail deletes emails randomly.
Gmail actually has a pretty good record of misidentifying legitimate email as spam. Again, copies of the replies that were sent are on-file here.
Yes, but that's what the spam folder is for. Lot's of spam in there, nothing related to a domain though!
Regarding legal action, and again this is said with all due respect, but you used a dictionary word as your account password, it was broken into, you reported the matter, we replied to you on multiple occasions but were unable to get any response from you. There really are no grounds for legal action.
I wasn't threatening them, I merely asked that if I ever took legal action, who the hell would it be against?
Also, my password was a dictionary word? Ten characters long, and certainly a word I've never heard used in everyday conversation, or in a dictionary for that matter. What worries me even further is that they knew my old password? Do they store them as plaintext and allow their employees to read them whenever they want? This would worry me immensely if I had any other domains there.
My response to this: "And I used a dictionary word as my password? You mean to say that you don't store the passwords as MD5 hashes, but in plaintext? And you authorize your employees to look directly at them?"
Suffice to say, all my passwords have been changed yet again.
So, overall - the inability of NameAlerts to respond in a period of less then 10 months has led to me losing all of my domains. (The domains weren't transferred for quite some time after the account was hijacked, but without access to my account, I couldn't stop anything!).
That's a total of 59 domains, and about $80,000 worth of revenue - hence the fact I had to go into a commercial role.
So the moral of this? Stay the hell away from NameAlerts, and warn your friends.
Roughly TEN months ago, my NameAlerts account was hijacked by a malicious user. I immediately emailed NameAlerts, who never responded. The sites then either expired and were instantly grabbed by the "spam revenue pointers", or renewed by the user and pointed elsewhere, or sold on for what I presume to be quite a tidy profit.
Tried going through Enom, but they were bloody useless, started quoting the UDRP and trademark resolution.
I emailed NameAlerts again today with a harmless question, "Forgot Password!" - They responded within 3 minutes. Suffice to say I responded with a very lengthy email.
Their response?
Here's some select replies from the banter back and forth.
Every email that you sent in January was replied to, however no reply to our enquiries was received from you. We have copies of our replies on file.
Yes, because Gmail deletes emails randomly.
Gmail actually has a pretty good record of misidentifying legitimate email as spam. Again, copies of the replies that were sent are on-file here.
Yes, but that's what the spam folder is for. Lot's of spam in there, nothing related to a domain though!
Regarding legal action, and again this is said with all due respect, but you used a dictionary word as your account password, it was broken into, you reported the matter, we replied to you on multiple occasions but were unable to get any response from you. There really are no grounds for legal action.
I wasn't threatening them, I merely asked that if I ever took legal action, who the hell would it be against?
Also, my password was a dictionary word? Ten characters long, and certainly a word I've never heard used in everyday conversation, or in a dictionary for that matter. What worries me even further is that they knew my old password? Do they store them as plaintext and allow their employees to read them whenever they want? This would worry me immensely if I had any other domains there.
My response to this: "And I used a dictionary word as my password? You mean to say that you don't store the passwords as MD5 hashes, but in plaintext? And you authorize your employees to look directly at them?"
Suffice to say, all my passwords have been changed yet again.
So, overall - the inability of NameAlerts to respond in a period of less then 10 months has led to me losing all of my domains. (The domains weren't transferred for quite some time after the account was hijacked, but without access to my account, I couldn't stop anything!).
That's a total of 59 domains, and about $80,000 worth of revenue - hence the fact I had to go into a commercial role.
So the moral of this? Stay the hell away from NameAlerts, and warn your friends.