Security News > 2021 > September > Over 60,000 domains parked at MarkMonitor could be taken over
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking.
The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
"I claimed over 800 root domains in this timeframe, and other researchers had similar amounts of claimed domains," continued the engineer.
Carroll's main concern was, as many as 62,000 domains parked over at MarkMonitor could potentially be hijacked, and abused for phishing.
"Neither live domains nor DNS were impacted. We take the protection of the domains entrusted to us - including parked domains - extremely seriously, and we work every day to make sure we are following the best security practices and guidelines."
"We are also evaluating mechanisms to be alerted more quickly of any HTTP error responses from domains that are parked with our parking service, which may allow us to identify and react to unexpected behavior even more quickly in the future," concluded MarkMonitor spokesperson in their statement to BleepingComputer.