What’s Going On?

A subdomain is an independent domain that is a part of another parent domain, for example childDomain.parentDomain.com. They are usually used to differentiate content that’s separate from the main website or relate to it in different technical aspects, like Single Sign-On (SSO). Using a subdomain can also provide a way of testing a newer version of the site before publishing on the more widely available platform. Finally, many popular online stores create a subdomain to handle their transactions using 3rd parties as eCommerce sites are usually more complex to create. Our cybersecurity team came across a vulnerable subdomain belonging to People.com, called AmericanDream. The subdomain’s content was already removed, however, our research revealed the site used to hold different American “Against the odds” stories of famous and successful people. We also found scarce details about an ebook that seems to have been available on the site.

How Did This Happen and What Are the Consequences?

The main risks of subdomain takeover include: Additionally, despite the external provider service being a static website (which means it doesn’t have server side logic, such as a login process or a database), it could still be used by hackers as a resource to redirect attackers to such server content due to its connection with the main site. It’s crucial to remember that this list is not exhaustive and there is a possibility of other additional risks of such vulnerability.

Is There Anything I Need to Do Now?

Though this subdomain vulnerability is now secure, there are many other buckets that could be taken over. In the past, many big online platforms, like Slack, GiHub, and Uber, had their expired subdomains hijacked and their users’ credentials were stolen as a result. Unfortunately, there isn’t much you can do as a user to protect your data in case of a subdomain takeover. It’s a company’s responsibility to constantly monitor its online platform for unauthorised DNS entries. However, there are still certain precautions you should take to minimise the risk of having your data harvested. Always be vigilant and check for signs of suspicious subdomains. These include, but aren’t limited to, a website displaying certificate errors or showing an unsecure HTTPS address. Don’t enter your personal details if you’ve never had to do that before, even if the site prompts you with a pop-up message. Trustworthy sites would never ask for additional information if you used the service already. If you’re browsing through any unsecured sites or their subdomains, refrain from clicking on pop-up warnings or ads, especially if it means you’ll need to download something. They are often riddled with malware that creates a backdoor for hackers allowing them to take control of your device or steal your data. If you come across any unusual activity tied to your name or unknown files on your device, report it as soon as possible. Finally, make sure you use a reputable antivirus software, as well as a VPN provider. Both programs will protect you against phishing, malicious downloads, or identity theft. Various providers offer their services for free, so you can stay safe without going over your budget. To learn more about how a VPN can help you, read our VPN guide for beginners.

Who Is WizCase?

WizCase is a leading virtual security website specializing in VPN protection, but also guides and tips on how to increase your online security. With our articles translated in 29 languages, we regularly help increase online protection for people all over the world. Our team regularly uncovers data breaches and security issues, including recent e-commerce website leaks and potential spyware on webcams. We always ensure the company involved is aware of security issues before publishing our reports. That way the problems can be fixed quickly to protect its users from any cybercrimes. We’ve disclosed the issue to both People.com and AWS, but so far, nobody responded to our messages. To prevent potential site hijacking, we managed to claim and secure the subdomain ourselves when we discovered the vulnerability, so it wouldn’t be used for any malicious purposes. The companies seem to have now fixed the issue.