Latest news of the domain name industry

Recent Posts

Typo left MasterCard open to hackers for years

Kevin Murphy, January 23, 2025, Domain Tech

A typo in MasterCard’s DNS configuration left the company open to hackers for years, it has emerged.

As first reported by Krebs On Security, from June 2020 until this month one of az.mastercard.com’s nameservers was set as akam.ne rather that akam.net, a domain used by DNS resolution provider Akamai.

The .ne version, in Niger’s ccTLD, was unregistered until security researcher Philippe Caturegli discovered the typo and spent $300 to secure the domain and check to see how much traffic it was getting, before handing it to MasterCard.

Had Caturegli been a bad actor, he could have used the domain to set up a man-in-the-middle attack, diverting a big chunk of traffic intended for mastercard.com to the server of his choosing.

MasterCard said its systems were not at risk and the typo has been corrected, Krebs reports.