MasterCard DNS Error Went Unnoticed for Years

MasterCard Fixed Domain Name Server Error

  • MasterCard had a glaring error in its domain name server settings for nearly five years.
  • A security researcher spent $300 to register akam.ne, the domain named in the misconfigured name server entry for az.mastercard.com (a22-65.akam.ne), and so prevent cybercriminals from grabbing it.
  • MasterCard uses five shared Domain Name System (DNS) servers at Akamai. One was misconfigured with the domain “akam.ne” instead of “akam.net”.
  • Philippe Caturegli discovered the typo. He secured the domain and noticed many DNS requests.
  • He could have received wayward emails or obtained website encryption certificates.
  • MasterCard acknowledged the mistake but said there was no real threat.
  • Bugcrowd requested that the post about the error be removed, as it didn't align with ethical practices.
  • Caturegli said he reported the issue directly to MasterCard and demonstrated ethical security practices.
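  • Many Internet users rely on public traffic forwarders (shared DNS resolvers) that cache the answers they receive. By serving records with a long TTL, an attacker in control of the typo domain could keep a bad answer cached for longer and reroute more traffic.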
  • The misconfigured DNS server involved the MasterCard subdomain az.mastercard.com, likely related to Microsoft Azure.
  • The domain akam.ne was previously registered in December 2016 by an “Ivan I.” from Moscow and was hosted in Germany until 2018. There is a similar typo domain awsdns-06.ne registered to a Yandex user and hosted at the same German ISP.
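
A check for the kind of delegation typo described above, written as an added example (not code from MasterCard, Akamai or the researcher): it audits a zone's NS targets against the provider domains the zone is expected to use and flags near-misses. The four akam.net hostnames and the allowlist are constructed assumptions; only a22-65.akam.ne comes from the page.

```python
# Added example: flag NS targets that fall outside the expected provider domain.
# Constructed sample: the four akam.net names are placeholders, not real records.
SAMPLE_NS = [
    "a-sample-1.akam.net.", "a-sample-2.akam.net.",
    "a-sample-3.akam.net.", "a-sample-4.akam.net.",
    "a22-65.akam.ne.",  # the misconfigured entry reported on the page
]
EXPECTED_SUFFIXES = ["akam.net"]  # assumption: domains this zone should delegate to


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def under(host, suffix):
    """True only on a label boundary, so 'evilakam.net' is not under 'akam.net'."""
    return host == suffix or host.endswith("." + suffix)


def audit_ns(ns_hosts, expected_suffixes, max_distance=2):
    """Return one finding per NS target that is not under an expected suffix."""
    findings = []
    for raw in ns_hosts:
        host = raw.strip().rstrip(".").lower()
        if any(under(host, s) for s in expected_suffixes):
            continue
        labels = host.split(".")
        best = None  # closest expected suffix within max_distance, if any
        for s in expected_suffixes:
            tail = ".".join(labels[-len(s.split(".")):])
            d = edit_distance(tail, s)
            if d <= max_distance and (best is None or d < best[1]):
                best = (s, d)
        findings.append({
            "ns": host,
            "looks_like": best[0] if best else None,
            "reason": "possible typo of " + best[0] if best else "unexpected provider",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_ns(SAMPLE_NS, EXPECTED_SUFFIXES):
        print(finding)
```

Run against the live NS set of each delegated zone on a schedule, a check like this surfaces a dangling or typo'd delegation before someone else registers the target domain.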