avatarKunal Mishra

Summary

Sanmay Ved, a former Google employee, briefly owned Google.com after discovering a vulnerability in Google's Domain Registrar Service, which allowed him to purchase the domain for $12.

Abstract

On September 29, 2015, Sanmay Ved stumbled upon an extraordinary situation where Google's Domain interface mistakenly showed Google.com as available for purchase. Acting on this, Ved successfully registered the domain for 12, an amount significantly less than its actual value of over 102 billion. Despite the transaction's success, Google quickly canceled the registration and refunded Ved. This event led to Google rewarding Ved with $6006.13, a figure that numerically spells "Google," which he requested be donated to the Art of Living India Foundation's education program. Ved's experience highlights both the potential for human error in complex systems and the effectiveness of Google's response to such incidents.

Opinions

  • Sanmay Ved expressed his astonishment at the unexpected opportunity to own Google.com, even if it was for a very brief period.
  • Ved, who considers himself a loyal Googler, attributed his temporary ownership of the domain to a stroke of luck and possibly a divine intervention.
  • He believed that the incident was not just about the money, demonstrating his ethical stance by requesting that Google's reward be donated to charity.
  • Google's handling of the situation was seen as swift and professional, with the company acknowledging the vulnerability and rewarding Ved through their Bug Bounty Programme.
  • The incident was contrasted with a similar domain issue experienced by Microsoft, which was less fortunate in quickly resolving their domain lapse.

Theciva

How Google Ended Up Selling Google.com To Its Ex-Employee?

Who Thought A Late Night Search Could Result In This

Photo by Mitchell Luo on Unsplash

“I can’t shake that feeling that I actually owned Google.com,” says Sanmay Ved who bought the world’s most trafficked domain for just $12, though only for a minute. The technical vulnerability he unknowingly discovered in Google’s own Domain Registrar Service allowed him to buy ‘google.com’.

29 September 2015, 10:50 PM IST (1:20 AM ET)

Up late night, Sanmay was exploring Google’s Domain interface when he searched for ‘google.com’.

Google Domain is Google’s very own internet domain name registration service. Launched in 2015, but still in beta.

To Sanmay’s astonishment, Google domains showed ‘Google.com’ to be available for just $12 which is around ₹900.

Google Domains showed google.com to be available. Photo: Sanmay Ved

He clicked on the ‘Add to cart’ icon beside the domain’s listing, which shouldn’t have been there in the first place as Google.com is already registered.

Transaction Confirmation Messages. Photo: Sanmay Ved

The domain got added to his cart instantly. And he could now ‘Proceed to checkout’.

He continued the transaction further, expecting an error saying the transaction couldn’t happen. But he got nothing of an error.

His card was charged $12 and the registration was successful, making him the owner of a domain worth $102,650,332,250.

Two Unusual Emails

Soon as the registration was successful, he received two emails. One from [email protected] and another from [email protected].

Emails Sanmay Received just after registration. Photo: Sanmay Ved

This wasn’t the first time he bought a domain but never had he ever received such emails in the past.

He chose not to disclose the email’s content publicly since it was related to Google.com.

Google.com and its subdomains were now his.

His newly bought domain successfully showed up in his Google Domains order history and on Google’s Search Console (aka Google Webmaster Tools).

He got some messages in Search Console confirming that he has become the verified admin/owner of Google.com.

He started receiving messages concerning the Google domain and its subdomains.

Google cancelled the registration.

A minute or two after the registration, however, Google cancelled it, informing Sanmay through an email. The order history on Google Domains reflected the cancellation.

Cancellation Email From Google. Photo: Sanmay Ved
Google Domain’s Order History. Photo: Sanmay Ved

Sanmay went to Google Domains and searched for ‘google.com’ again. It finally showed as unavailable.

600613.com

Just a day after Indian Prime Minister Narendra Modi’s US trip where he met Google CEO Sundar Pichai, Google gave Sanmay a monetary reward in what Sanmay calls “a very Googley way”.

Sanmay, in his blog, preferred to keep the amount undisclosed.

But Google, later, announced the amount which was $6006.13 (~₹4,50,000). If you’re curious why that amount, it’s because the amount numerically spells out as ‘Google’.

The blog post considered Sanmay a winner of their Bug Bounty Programme where they reward hackers who find a vulnerability in their services.

Sanmay wrote back to Google telling them “It was never about money” and asked Google to donate the whole amount to Art of Living India Foundation.

Google followed his request and donated double the amount to Art Of Living’s education program which runs hundreds of schools across India, providing free education to tens of thousands of poor children.

A Stroke of Luck

Sanmay believes he got lucky when he bought the domain. He had worked for five and a half years at Google before and considers himself a loyal Googler and Xoogler, reporting several vulnerabilities in the past which had gone unnoticed.

He “loves Google to heart” which, he believes, is why some divine force had given him the ownership for a few minutes.

Google still had a better situation than Microsoft

Google isn’t the only company to have a domain issue. Microsoft, in the past, had several times forgot to renew its domain.

In 2003, Microsoft forgot to renew the domain of its webmail service hotmail.co.uk. As a result, Microsoft lost its claim over the domain.

Sanmay had bought ‘google.com’ through Google’s Domain service that helped Google to recover quickly. But in the case of Microsoft, the domain service was The Registrar. So they had no option to get the domain back from a buyer without his discretion.

The domain was available in the open market for anybody to buy. Thankfully, a good-intentioned person got the domain and returned it to Microsoft.

Subscribe to my mailing list, Theciva.

Read More:

Google
Technology
Tech
Domains
Bug Bounty
Recommended from ReadMedium
avatarAlexander Nguyen
The resume that got a software engineer a $300,000 job at Google.

1-page. Well-formatted.

4 min read
avatarKhaledyassen
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques

Hello, everyone. I hope you are well.

12 min read
avatarArtturi Jalli
I Built an App in 6 Hours that Makes $1,500/Mo

Copy my strategy!

3 min read
avatarHazel Paradise
How I Create Passive Income With No Money

many ways to start a passive income today

5 min read
avatarAbhay Parashar
17 Mindblowing Python Automation Scripts I Use Everyday

Scripts That Increased My Productivity and Performance

14 min read
avatarAfan Khan
Microsoft is ditching React

Here’s why Microsoft considers React a mistake for Edge.

6 min read