
Over 60,000 parked domains were left up for hijacking
2021-09-03 07:00

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking.

The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting at a domain takeover weakness.

This week, security engineer and bug bounty hunter Ian Carroll saw his automation script flag hundreds of domains belonging to different organizations that were vulnerable to domain hijacking.

"I claimed over 800 root domains in this timeframe, and other researchers had similar amounts of claimed domains," continued the engineer.

Carroll's main concern was that as many as 62,000 domains parked at MarkMonitor could be hijacked and abused for phishing.

"Neither live domains nor DNS were impacted. We take the protection of the domains entrusted to us - including parked domains - extremely seriously, and we work every day to make sure we are following the best security practices and guidelines."


News URL

https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-left-up-for-hijacking/