Security News > 2021 > March > Fiserv Forgets to Buy Domain It Used as System Default

Fiserv Forgets to Buy Domain It Used as System Default
2021-03-18 20:15

Fiserv, a multi-billion-dollar cybersecurity tech provider for financial institutions, forgot to buy the domain used as a default in their systems' email communications, according to a report.

The blunder could have exposed its clients' user information to anyone with a few bucks to buy the domain - However, before that could happen, researcher Abraham Vegh came across the error last November.

Fiserv said it has since purchased the default domain, obtained the emails and are working to notify affected users.

"We will no longer use placeholder domain names that include non-Fiserv owned domains," the statement added.

"In this instance, the company used a default domain as a placeholder in its software solutions.

' After talking with Fiserv, they made me a very reasonable offer to purchase the domain, which is way more than I was expecting for my efforts, and I was happy to accept and transfer the domain to them, closing the door on my involvement with it.


News URL

https://threatpost.com/fiserv-forgets-to-buy-domain-it-used-as-system-default/164903/