Domain Name Theft

Domain theft, also known as domain hijacking, is the practice of changing a domain name’s registration without the permission of the domain’s original registrant.  While many may assume that domain hijacking is accomplished through nefarious methods, domain hijackers most commonly acquire a domain owner’s personal information in order to persuade the domain registrar to transfer the domain to the hijacker.  Because there are currently no specific international or federal laws that explicitly criminalize domain theft, recovering hijacked domains can often be difficult, time-consuming, and expensive.  Safeguarding credentials for the domain registration account, in particular maintaining secure passwords that are changed periodically, is one of the best steps to avoid domain theft.    

Domain Hijacking Through Account Access

One of the most common ways domain theft happen is where the hijackers either through fraud or hacking the domain owner’s accounts gains access to the domain registration account and simply transfers ownership of the domain.  This often results in the domain registration being transferred to an entity in foreign countries making legal recourse difficult.  Another method of domain hijacking is via the hosting or registrar companies as opposed to through the domain owner’s systems.  In this method, the hijackers may stop or cancel a customer’s payment to renew the domain registration so that the registration expires and is obtained by the hijacker.  Domain hijackers may even fraudulently enter whois-data to access the domain registration account.  

Reversing Domain Theft

Responding to domain theft can be difficult.  For domains that have trademark protection, a trademark infringement lawsuit or claims for violation of the Anti-Cybersquatting Consumer Protection Act (ACPA) are a possibility.  The domain owner may also employ a UDRP domain name dispute proceeding under ICANN or UDRP. These proceedings are typically less expensive than a trademark infringement/ACPA lawsuit filed in federal court.  

In other cases, the domain owner may have to pay a blackmail or ransom payment to obtain the domain registration back.  Other times, registration information can be simply returned to its original state by the current registrar.  Finally, if the domain credentials have been comprised by an ex-employee or disgruntled vendor, a lawsuit seeking injunctive relief may be the quickest path to recovering the domain name.  Texas is one of the few states that allows for pre-suit depositions.  If an ex-employee, vendor, or other known person is suspected of domain theft, filing for a pre-suit deposition may be the best option.    

If domain theft occurs, an Internet attorney experienced in domain hijacking as well as trademark law is likely the best starting point to recover the domain.  

For more insights on domain theft legal issues, see our Internet Law & eCommerce Legal Services Overview and eCommerce Industry Legal Solutions pages.

Sign up for and explore our content and thought leadership here.

About the Firm:

Klemchuk LLP is a litigation, intellectual property, transactional, and international business law firm dedicated to protecting innovation. The firm provides tailored legal solutions to industries including software, technology, retail, real estate, consumer goods, ecommerce, telecommunications, restaurant, energy, media, and professional services. The firm focuses on serving mid-market companies seeking long-term, value-added relationships with a law firm. Learn more about experiencing law practiced differently and our local counsel practice.

The firm publishes Intellectual Property Trends (latest developments in IP law), Conversations with Innovators (interviews with thought leaders), Leaders in Law (insights from law leaders), Culture Counts (thoughts on law firm culture and business), and Legal Insights (in-depth analysis of IP, litigation, and transactional law).