Google, Yahoo, Amazon and Twitter Domains Impacted by Tajikistan Registrar Hack


Google, Twitter, Yahoo and Amazon Tajikistan "defaced"

The systems of Tajikistan’s domain registrar (domain.tj) have been hacked. The attacker, an Iranian hacker who uses the online moniker Mr.XHat, has taken the opportunity to “deface” a number of high-profile domains.

According to The Hacker News, Mr.XHat has changed the DNS records for the Tajikistan domains of Google, Twitter, Amazon and Yahoo to redirect the websites’ visitors to a defacement page.

The hacker claims he exploited a directory traversal vulnerability to gain access to the domain registrar's administration panel. He also says he accessed the MySQL database containing customer credentials.

He gained access to the google.com.tj, yahoo.com.tj, twitter.com.tj and amazon.com.tj accounts after changing their administrative email addresses to his own address. Then, he simply reset the passwords of the targeted accounts.
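The sequence described above (administrative email changed, then a password reset sent to the new address) can be detected in an account audit log. The following is an added example, not part of the original post or any registrar's code; the log format, event names, account names and 24-hour window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit log lines in a hypothetical format:
# <ISO time> <account> <event> key=value...
SAMPLE_LOG = """\
2014-01-10T09:00:00 alpha.example login actor=owner
2014-01-10T09:05:00 bravo.example admin_email_change new=ops@mail.example actor=panel
2014-01-10T09:06:30 bravo.example password_reset sent_to=ops@mail.example
2014-01-10T09:07:00 charlie.example password_reset sent_to=admin@charlie.example
2014-01-10T09:10:00 delta.example admin_email_change new=it@delta.example actor=owner
2014-01-10T09:20:00 bravo.example ns_change new=ns1.mail.example
2014-01-12T09:10:00 delta.example password_reset sent_to=it@delta.example
"""

WINDOW = timedelta(hours=24)  # assumed threshold, tune to local reset patterns


def parse(line):
    """Split one log line into (time, account, event, fields)."""
    ts, account, event, *rest = line.split()
    fields = dict(item.split("=", 1) for item in rest if "=" in item)
    return datetime.fromisoformat(ts), account, event, fields


def find_takeovers(log_text, window=WINDOW):
    """Flag accounts whose password was reset to a freshly changed admin email."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    pending = {}  # account -> (time, address) of latest admin email change
    flagged = {}  # account -> alert
    for ts, account, event, f in events:
        if event == "admin_email_change":
            pending[account] = (ts, f.get("new"))
        elif event == "password_reset" and account in pending:
            changed_at, addr = pending[account]
            if ts - changed_at <= window and f.get("sent_to") == addr:
                flagged[account] = {"account": account, "new_email": addr,
                                    "reset_at": ts, "dns_changed": False}
        elif event == "ns_change" and account in flagged:
            # DNS edits after a suspected takeover raise the priority
            flagged[account]["dns_changed"] = True
    return list(flagged.values())


if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_LOG):
        print(alert)
```

A reset with no preceding email change, or one that arrives outside the window, is not flagged; a name server change on an already flagged account marks the alert as higher priority.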

At the time of writing, the Google, Yahoo, Amazon and Twitter domains have been restored. I’ve sent out an email to the Tajikistan domain registrar in hopes that the organization can provide more details on the attack. This post will be updated if the registrar responds to my inquiry.
