A story from life: How we recovered a domain after 3 months of fighting

Silence in the ether and 47 dead mailboxes

In June 2023, we received a call from Mr. Robert, who runs a metal processing plant near Częstochowa. His voice trembled because he had just realized that 47 email addresses in his domain had stopped receiving messages from contractors in Germany and France. This wasn't an Outlook problem. Someone overnight had changed the DNS entries, directing all traffic to an empty server. The company was cut off from the world at the peak of the order season.

Quick analysis showed that the domain management panel had been taken over through a change of the main email. A former employee, Sławek, took advantage of the fact that the access data was saved in the browser on a publicly accessible computer in the workshop. This is a classic example of the lack of security procedures in a small company. Estimated losses from that week were 14,300 PLN, not counting the lost trust of foreign partners.

A domain is not just a web address. It's the key to your safe, which you accidentally left in the door.

Fighting bureaucracy at the domain registrar

Recovering a domain is a process that takes time. We sent a total of 124 emails to the technical support department of one of the largest Polish registrars. Each response took them 24 to 48 hours. At Innovation Embassy, we know that in business, every hour is money, but NASK procedures are relentless. We had to provide notarized copies of company documents, which cost the client an extra 380 PLN at a notary on NMP Ave.

The biggest challenge was proving that the change of subscriber data took place without the board's consent. The registrar hid behind regulations and GDPR. Only after presenting evidence from server logs, which showed from what IP the hacking was done, did the ice begin to break. We operate stably and predictably, so step by step we built an evidence file that left no doubt as to who the victim was here.

92 days of uncertainty ended in success

The breakthrough came in the 13th week of the fight. After many letters and the involvement of an external lawyer, the domain registrar recognized our claims. The domain transfer procedure to a secure registrar supervised by us took another 4 business days. On August 28, 2024, the domain returned to its rightful owner. Our technical team, consisting of 5 specialists, worked all night to restore mail backups and the website configuration.

On the occasion of this intervention, we introduced new rules in Mr. Robert's company. Your data stays with you – that's our sacred rule. Now access to the domain is protected by a U2F hardware key, and only the president is the account owner. No employee, even the most trusted one, no longer has the ability to change key parameters without second-stage authorization. It was a costly lesson, but the company survived and today operates more efficiently than before.

When the domain returned, there was such joy in the office as if we had won the contract of a lifetime. And in total, we had.

How not to become the next victim? Facts for the owner

We drew 3 main conclusions from this story, which should be the standard in every company employing over 5 people. First: the domain must be registered to the company (NIP), not to the IT person's or agency's name. Second: the email for password recovery cannot be the private email of anyone on the team. Third: an access audit should be performed once every six months. At Innovation Embassy, we do this for our 67 active clients as part of standard care.

If you have any doubts about who really rules your address on the web, check it today. Don't wait until someone leaves work and takes the keys to your business with them. Technology is meant to serve you, and we are here to make sure no one takes it from you. Our headquarters in Częstochowa is open daily from 8:00 to 16:00, and in critical matters, we react within 3-6 hours.