Typos and data-loss

Shared by Alex Shakhov:

“A European cybersecurity company left a typo in their DNS for over a year, so we registered it.

We only did that to keep an attacker from getting there first, after they ignored our disclosures across multiple channels. The next day, their own security telemetry started flowing to us.

The typo was in their DMARC RUA endpoint, so within days we had mapped their sending infrastructure, the vendors sending on their behalf, and even their internal R&D systems, right down to the specific tooling they run and where it’s hosted.

If an attacker had registered that domain, this would be a GDPR incident with fines and a reputational hit, built from a single typo.

It doesn’t matter if you have #DMARC p=reject and enterprise-level security controls in place, when the employees touching your DNS are typing the values instead of copying/pasting them.

Audit your DNS and confirm you control every domain it points to. There’s no point in strict security controls if one dangling record is leaking your internal data.”

Typo in DMARC record
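The audit the post calls for can be partly automated. The script below is an added example, not code from the post or from Alex Shakhov: it parses a DMARC TXT record, pulls every `rua`/`ruf` report destination out of it, and flags any destination domain that is not on a list of domains the organisation owns or has contracted. The record, the controlled-domain list and the deliberately misspelt `examp1e.com` are constructed sample data; in practice the records would come from a DNS query of each sending domain and the controlled list from the registrar or asset inventory.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data (not from the post). "examp1e.com" is a deliberate
# one-character typo of "example.com", the kind of dangling record described above.
SAMPLE_RECORD = (
    "v=DMARC1; p=reject; "
    "rua=mailto:dmarc@examp1e.com,mailto:reports@dmarc-vendor.net!10m; "
    "ruf=mailto:forensics@example.com; fo=1"
)

# Constructed: domains the organisation owns or has a contract with.
CONTROLLED_DOMAINS = {"example.com", "dmarc-vendor.net"}


def parse_dmarc(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC record into a dict (tags lower-cased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def report_destinations(tags: dict) -> list:
    """Return (tag, domain) for every mailto: URI in rua/ruf.

    The optional '!<size>' suffix allowed on DMARC URIs is stripped.
    """
    found = []
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            match = re.match(r"mailto:([^@!]+)@([^!\s]+)", uri, re.IGNORECASE)
            if match:
                found.append((tag, match.group(2).lower()))
    return found


def audit(record: str, controlled: set, similarity: float = 0.8) -> list:
    """Flag report destinations whose domain is outside the controlled set.

    For each finding, the closest controlled domain is suggested as the
    likely intended value when the two names are similar enough to be a typo.
    """
    findings = []
    for tag, domain in report_destinations(parse_dmarc(record)):
        if domain in controlled:
            continue
        closest = max(controlled, key=lambda c: SequenceMatcher(None, domain, c).ratio())
        ratio = SequenceMatcher(None, domain, closest).ratio()
        findings.append({
            "tag": tag,
            "domain": domain,
            "looks_like": closest if ratio >= similarity else None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORD, CONTROLLED_DOMAINS):
        hint = f" (probably meant {finding['looks_like']})" if finding["looks_like"] else ""
        print(f"{finding['tag']} reports go to uncontrolled domain {finding['domain']}{hint}")
```

A destination outside the controlled set is exactly the condition the post describes: aggregate and forensic reports, which list sending IPs and the services sending on the domain's behalf, leave for whoever holds that name. When the check is run against live DNS, a second signal worth adding is the external-destination authorisation record that DMARC requires for report addresses in another domain (a `v=DMARC1` TXT record at `<sender-domain>._report._dmarc.<destination-domain>`); its absence means the receiving side never agreed to collect those reports, which is another sign the value is wrong.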
