Flagstream Technologies, an IT firm in Lancaster, PA, discovered that a client’s long‑standing domain vanished from its GoDaddy account on a Saturday afternoon. The domain, protected by dual two‑factor authentication and GoDaddy’s Full Domain Privacy, had been active for 27 years. Within minutes an audit log recorded a “Transfer to Another GoDaddy Account” initiated by an Internal User with no validation.

GoDaddy’s support responded with generic case numbers and instructed the client to “just wait.” Over the next four days Lee Landis, Flagstream’s partner, logged dozens of calls, sent emails to three different GoDaddy addresses, and filed a formal transfer dispute, providing the registrar‑required driver’s license and business documents.

After a 9.6‑hour phone marathon, GoDaddy finally replied, stating the registrant had supplied “necessary documentation” and that the case was closed, without explaining what was submitted. The abrupt resolution forced Flagstream to migrate every subdomain, email address and website to a new domain, erasing years of SEO equity and breaking all existing communications.

A GoDaddy employee in a different account unexpectedly reclaimed the domain weeks later, allowing Flagstream to transfer it back to the client. The incident exposes how internal transfers can bypass even the strongest protection settings and highlights the need for transparent audit trails and accountable escalation processes within domain registrars.