(no title)

> I registered a new domain at one registrar and immediately asked they change the IPS tag to another. A coworker [saw] ... the tag change, but then I got distracted looking for cake/looking over their shoulder. They set up a new account at the second registrar and claimed the domain, using no secret information and without either registrar or Nominet gaining my consent.

To be clear, the IPS was (is?) publicly visible. So you could poll a list of domains looking for it.

It's worth noting that even if you registered .co.uk with e.g. Gandi, you still get a separate Nominet account with it's own authentication. It doesn't matter if you add 2FA etc - after such a transfer, the domain was registered to a different nominet account.