The details: Someone has managed to (mostly) steal one of my domains — retry.com. They appear to have done this by:
- changing the contact address for my account at my domain registrar (gandi.net)
- using the gandi.net lost password mechanism to request a new password for my account
- logging into my account and initiating a domain ownership transfer
The only reason that I am able to defend my other domains from being stolen is that I'm still logged into gandi.net's website. I am making sure that I do something at least every few minutes so that the session does not time out. If I lose the session then I can't log back in again since they changed the password after I logged in. I am not able to use the gandi.net lost password mechanism to get the password back again since the site only allows the mechanism to be used once per day.
My plan is to keep monitoring the account until gandi.net — located in France — opens for business tomorrow (around midnight MST tonight in the US/Canada). This should work as long as my session to the gandi.net site does not time out, although life would be simpler if someone could put me in touch with someone at gandi.net who could simply turn off my accounts until the dust settles (there are two of my accounts involved as near as I can tell).
One interesting bit is that they changed the contact address on my gandi.net account to email@example.com. There's a blog article here describing a different domain theft that happened a few days ago and which used the same firstname.lastname@example.org e-mail address."