The owner of RamshackleGlam.com shares her hacking story

Apr 4, 2014 08:27 GMT  ·  By

GoDaddy has once again come under fire for failing to assist the owner of a high-profile website in recovering her domain after it was hijacked. This time, the victim is Jordan Reid, the owner of lifestyle blog RamshackleGlam.com.

According to Reid, last week, she noticed that the domain name she had owned since March 2010 was being auctioned on Flippa.com by an individual using the online nickname “bahbouh.” He was promising the new owner not only traffic, but also all of the site’s files and data at a “buy now” price of $30,000 (€22,000).

bahbouh went as far as suggesting that Reid could be hired to post content on the site after it was sold.

It took her three days to recover the website. Initially, she tried to reach out to Flippa.com to convince the company that she’s the real owner of the website. When that didn’t work, Reid contacted HostMonster, the company that operates RamshackleGlam.com.

They told her she was no longer the owner of the website, after someone used the company’s email confirmation system to authorize the transfer of the domain to a private GoDaddy account. It’s worth noting that Reid is also a customer of GoDaddy.

“From Sunday through Tuesday, I spent most of the day (and much of the night) on the phone with GoDaddy, HostMonster, or both at the same time, and nearly every person I spoke with gave me the same response: ‘Sorry, can’t help you’,” Reid explained in a blog post published earlier this week on her website.

“HostMonster maintained that because they no longer controlled the domain name, there was nothing they could do. GoDaddy maintained that because the account was private and the person had obtained ownership of the domain through a transfer from HostMonster, there was nothing they could do.”

Her case was upgraded after she cited ICANN’s policy on Domain Name Dispute Resolution, but that also turned out to be a dead end.

She then called the FBI. The agency acted immediately and even sent special agents to Reid’s house to interview her. The FBI’s investigation is still ongoing, so not too many details have been shared on this front.

So how did Reid get back her website? She asked the man who first spotted the listing on Flippa to contact bahbouh for a private sale. The hacker initially agreed to let go of the domain before the money for it was transferred to him, but he later changed his mind. He demanded the money up front.

Reid agreed, but as soon as the domain was in her possession, she called up the company responsible for the money transfer and cancelled the payment.

The author of “Ramshackle Glam: The New Mom's Haphazard Guide To (Almost) Having It All" says she’s displeased with both GoDaddy and HostMonster.

“No one at either company questioned my statement (supported by written proof) that the website belonged to me. No one doubted that it had been transferred without my authority,” Redi said, adding that none of the support staff knew how to handle such a situation.

“And once I reached people who could help me – who could literally make a single phone call or push a single button and return my property to me (or simply freeze it so that it could not be sold or destroyed) – they would not,” she noted.

“They hid behind their legal departments and refused to do anything, knowing full well that their inaction would force me to either interact with and pay off a criminal, or lose an essential component of my business.”

We’ve reached out to GoDaddy to hear their side of the story. We’ll update the post in case they respond to our inquiry. At the beginning of February, after a hacker social engineered an employee into handing over a customer account, the company promised to take measures.

Update. GoDaddy has responded to our inquiry. The company says it shouldn't be blamed for the incident. The domain could have been easily recovered if FastDomain, HostMonster's domain registrar, would have requested it back. To see GoDaddy's version of the story, check out our follow-up article.