Hello everyone, I’ve recently had an unsettling experience with Nominet that makes me question the safety of my UK domains. I don’t want to go too deep with specifics because this investigation is still on-going. Anyway, I own about 40 UK domains, all them being 1 and 2 word domains, and a few days ago I couldn’t login to my Nominet account – after several unsuccessful login attempts I decided to change my password using the “Access Your Account” section of Nominet. After waiting 24 hours and still no reply I decided to check my account with my registrar and that’s when I noticed one of my UK domains had vanished from my account. To cut a long story short, someone had changed the email address associated with my Nominet account and reset the password to gain access. Then transferred one of my domains into a separate Nominet account, re-tagged it and then transferred it again into their own Nominet account. I could have lost all of my UK domains but I got Nominet to lock the account before anything else could be re-tagged. What I wanted to know more than anything was “how did they manage to reset the email address associated with the Nominet account?” Nominet said it was done by my registrar!? But I thought registrars couldn’t alter the details on a Nominet account but apparently, according to Nominet, they can change anything accept the whois details (ownership info). Anyhow, my question is this; “Can a registrar change the admin email associated with a Nominet account?” If so, how without permission from myself? I now know the person responsible for all this and I want to prosecute. Just to clarify, they’ve fraudulently gained access to my account which has all my person details listed, then change my details to their own, transfer one domain out of the account and pay the £10 transfer charge, then leave my account in limbo. Who knows what else they would have done if I didn’t get Nominet to lock it down. I had to write a letter to Nominet explaining the situation before they released my account back to me, which they did today, but I will have to wait while Monday before I get the stolen domain back. My main goal is to find out how this happened, how this can be prevented from happening again and to sue the hell out of the thieving git who stole my domains. Any advice would be greatly appreciated, especially with the suing part. Do I contact the cyber division of the police!? Thanks for reading.