The only way the domain would be able to be moved from Go Daddy would be if the person stealing the name had access to the account; that's the only way to request the transfer authorization / EPP code. Their support requires either a PIN or last 6 of a CC used on the account to validate callers. If you can provide that, they'll update the email on file and help reset the password, but he said his account email is unchanged. So the person taking the name would either have to know the account password, or have access to the email address on file where the reset requests are sent.
Given that this would have to happen from inside the customer account, I can understand why Go Daddy would want to confirm that this was indeed a nefarious act and not something like a domain being sold, transferred, then reported stolen to keep the cash and get the domain back. Or any number of other scenarios one might think of - shady domain stuff happens a lot. I can only imagine the hoops required to jump through for a registrar to get a domain back from another registrar under these circumstances.
"The only way the domain would be able to be moved"
Not sure that's the only way. That's like saying the only way you could get credit card information from Sony's PlayStation servers was if you worked in Sony's billing department.
Not saying this is necessarily a hack, as it most likely is insecure practices on the part of the user, be it passwords or phishing. But seeing a cluster of them raises some concerns that it could be some otherwise unknown method.
Thanks, I agree, 'the only way' is probably too absolute a phrasing.
I do wonder if the reason we see clusters is because they are the largest, and arguably the most publicized, registrar in the U.S., and in terms of market share, the world.
He said on the page that it apparently involved a Gmail hack of some kind, so even if it's not "the only way", it sounds like it was how it was stolen in this case.