Locked out of GoDaddy account - Stolen

[moaead]

We have a startup and I have domain for more than 5+ years an employee joined us and worked for less than a year and he joined 2 years after we bought the domain.

He changed the name on the account and added 2-factor auth. He was fired from the company but he never handed the 2-factor auth he only gave the password for the account.

I do own the email for the account and I have been trying to contact recovery team multiple times giving them the employee passport + ID and the current CEO who actually bought the domain with his name and email and sent the ID as well.

But they keep asking me to get the employee to hold the ID and take a photo while holding... but the employee left in bad terms and now he put the domain for sale...

We are filling law suits on the employee but he left the country where the company is but still we are filling 2 law suits one in each country.

What really upsets me is, I have given GoDaddy so many proofs that the CEO has paid for the domain all the way. it's still even in the account and trying to charge but we stopped the card so all payments are failing and we have more than 3 domains not just one. and both now are not being paid because the employee is not willing to spend money.

Appreciate any help, and again I have so many proofs that we do own it not him. he joined for a small while and changed all details and I have the invoices and emails from the employee saying he has given all access and email from him sharing the GoDaddy login. (but we didn't know at the time that he added his private mobile number (Indian).

Thanks!

 

[Future Sensors]

@GoDaddy

 

[Chris Hydrick]

@GoDaddy

This doesn't seem* like the type of issue that's going to be fixed on a forum.

he joined for a small while and changed all details and I have the invoices and emails from the employee saying he has given all access and email from him sharing the GoDaddy login. (but we didn't know at the time that he added his private mobile number (Indian)

It sounds like you tried logging into the account, but the 2-factor authentication prompted a code that was sent to your ex employee's phone?

I do own the email for the account and I have been trying to contact recovery team multiple times giving them the employee passport + ID

But they keep asking me to get the employee to hold the ID and take a photo while holding... but the employee left in bad terms and now he put the domain for sale...

Hopefully you are legally allowed to send an ex-employee's passport and ID to GoDaddy.

We have a startup and I have domain for more than 5+ years an employee joined us and worked for less than a year and he joined 2 years after we bought the domain.

You mentioned the domain being for sale, does the domain currently or did the domain ever direct to your developed business?

We are filling law suits on the employee but he left the country where the company is but still we are filling 2 law suits one in each country.

If need be, this may be something where the domains can be recovered via UDRP if you can prove all 3:

1. Identity: The domain name in question is identical or confusingly similar to the complainant's trademark.
2. Lack of Rights or Legitimate Interests: The respondent has no rights or legitimate interests in the domain name.
3. Bad Faith: The respondent registered or is using the domain name in bad faith.

 

[Future Sensors]

This doesn't like the type of issue that's going to be fixed on a forum.

So true, just wanted to tag them for awareness.

 

[AEProgram]

Hire a lawyer that is an expert with domains and if you are the real owner get a court order, GD will respect it. Court orders have been used to get domains out of pending delete. If you hire a lawyer that does not understand domains, you will probably not be successful.

 

[Gabriel360]

Read something like this on the domain subreddit. But the employee is currently trying to sell the domain name for $50k.

OP, are you the same person?

By the way, you need to ACTIVATE the card linked to the GoDaddy account. If GoDaddy isn't able to charge renewal fee for the domain names, you could end up LOSING all 3 domain names to expiration.

And GoDaddy would sell them to other people who would have legitimate right to the domain names unlike the current guy.

First thing to do now is to reactivate the cards so GoDaddy can renew your names. You could impose a limit on the card if you wish, but activate them.

Secondly, reach out to @bhartzer . He is a domain recovery expert. See if he's able to help you.

Finally, a UDRP is not such a bad idea in addition to the suits you've filed. If you want to file a UDRP, talk to @jberryhill . He's the best. He'll let you know if a UDRP is advisable.

Good luck!

 

[jberryhill]

We are filling law suits on the employee but he left the country where the company is but still we are filling 2 law suits one in each country.

You only need to file one action in Arizona, where GoDaddy is located, in order to seek an emergency order restoring the name to the company. There is no point in filing actions elsewhere. The domain name registrar who controls the name is located in Arizona and will implement any order you get from an Arizona court. Likewise, all transactions, etc. involving the name occurred in Arizona.

Incidentally @Gabriel360 , UDRP's are a minor part of what I do. I will probably wrap up this year with seven or eight UDRP's, but nobody is making a living doing that.

Appreciate any help, and again I have so many proofs that we do own it not him.

Having seen these sorts of things from the registrar side, I can tell you that there is very little "proof" you can provide electronically which cannot be faked, and people send fake things to registrars ALL DAY LONG in order to get names they claim were "stolen" from them.

As it turns out, a lot of businesses get into internal power struggles where co-founders, employees, and outside vendors argue over who is supposed to be in charge of a domain name, and they expect the registrar to sort out these kinds of arguments. But, as I mentioned above, getting a registrar to transfer a domain name based on claims that it was stolen can be challenging, but not impossible. However, in a LOT of instances, since there really is no good way to indicate whether a domain name in someone's account is "supposed" to belong to the company or to the individual in charge of the account, most registrars would prefer if you simply filed an action in the local court against whoever it is that has the domain name and isn't supposed to, and get an order telling the registrar where to send the name.

There are a number of informal procedures that registrars have worked out to address these situations, but every one has its own factual wrinkles, and one thing I can tell you with confidence is that if you do an initial sloppy job of providing the facts to the registrar, or if you get a fact wrong, your chances of success are going to be very low.

But if the domain name is at GoDaddy, there is no reason to pursue legal action anywhere other than in Arizona. This, for example, is a stolen name case which I filed (via local counsel), but which was not an emergency situation, and ultimately was resolved with the person who purchased the domain name from the hi-jacker - https://www.courtlistener.com/docket/68044841/estate-of-ellen-black-v-projecthindsightcom/

What helped to reach a resolution in that case was getting discovery materials from GoDaddy which helped identify the actual thief, and brought down the temperature that had risen between the victim and the purchaser, who was a competitor of the victim and whom the victim believed to be the thief.

So, apples to oranges in terms of specific facts, but pursuing a law suit in some other country over a misappropriated domain name is not a direct path to getting the name back under control.