We had 9 of our domains hijacked last week. We have been able to retrieve all 9 of them through considerable red tape.
The hacker also stole our forum and uploaded it to one of his $1.00 domains. He has just mass emailed all our forum members asking for donations through Paypal. We contacted PayPal to try to stop this.
He has tried (and failed) to sell all of our domains on sitepoint.
Can anything else be done? This hacker/hijacker needs to be stopped.
Please make sure all of your passwords to your registrars and hosting companies are secure and unguessable.
If the registrar did exactly as agreed upon, they weren't necessarily lax. Read your agreement and you'll likely find it's your responsibility to ensure any and all your account passwords are secure.
If user A accessed his account from Virginia in March, then accessed it while on vacation in Vietnam in April, should he be blocked and required to call that registrar for verification? While that can certainly help in preventing a possible hijack, it can also inconvenience an nth number of users.
Probably a matter of which number is greater, I guess.