07 Jan 2014

Tajikistan's Google, Yahoo, Twitter, Amazon Hacked via Domain Registrar Breach

Tajikistan's Google, Yahoo, Twitter and Amazon domains have been affected by an Iranian hacker who breached the Domain Registrar (domain.tj), according to The Hacker News.

A hacker by the name of Mr.XHat breached the systems of Tajikistan’s Domain Registrar and redirected the visitors of Google, Yahoo, Twitter and Amazon to a defaced page.

“The hacker claimed to have the Root access to Mysql database of the site, where customer passwords are stored in a hashed / encrypted format,” said the article. “To get an access to Twitter/Google's Customer domain panel, he smartly changed the administrative email address of respective accounts to his own email address and proceed with password recovery option.”

The hacker allegedly exploited a Directory Traversal vulnerability to obtain access to the administrator panel.

The “defaced” domains have been recovered by their owners. The Tajikistan Domain Registrar made no comment regarding the incident.