from Hacker News

Ask HN: GANDI registrar refuses to fix security hole. What to do?

by forcer on 9/26/17, 1:15 PM with 0 comments

We are a long-time Gandi customer and have hundreds of domains registered with them. After their last hack, when one of our domains was serving malware, we started reviewing the security of our domains (see the last hack here: https://domainnamewire.com/2017/07/15/bad-guys-get-gandi-nets-password-technical-provider-redirect-domains/).

What we discovered was very troubling. We managed to transfer a domain out of our Gandi account without any authorization from our side. To make matters worse, that domain was protected using the Domain-lock feature.

We of course reported that to Gandi. That was 2 months ago. Since then we have communicated with the Gandi legal department many times, and they say they are looking into this, but they say we are wrong.

2 weeks ago our patience ran out; we have migrated all domains that can be affected by this hack (again verifying that the hack is still not fixed) and are contemplating what to do next.

We could leave it, of course, and just wait to see if Gandi comes to their senses, or wait until something bad happens.

What do you think is the best way to deal with this? I am hoping that if this post gets noticed more, they will be forced to prioritize this fix.