Your IT Consultant

Abandoning Domains Allows Access to Your Data

August 29, 2018

I'm pretty sure that the internet is here to stay. It is getting more and more difficult to register a unique domain name for your firm or business, so should you hang on to any name that you've registered? I recently saw a blog post on CSO that changed my mind about whether or not to hold on to old domain names. Abandoned domain names are low hanging fruit for the bad guys. The main problem is that email addresses are typically used for password resets. So what if someone can control your domain (and the email addresses associated with the domain) to reset passwords?

I was particularly interested in the post because it mentioned how abandoned domain names impact lawyers and their law firms. "The problem is especially grave for law firms where partnerships form, dissolve, and merge often, security researcher Gabor Szathmari points out. A merger or acquisition typically involves either new branding for the new firm, with a new domain name to match, or the acquired firm dropping their old branding and domain name. Letting those old domains expire is dangerous."

I can now see how dangerous it is to abandoned domain names. Once you lose control of your old domain, someone can setup email addresses to get the password reset notifications for critical data access. Since domain name registration costs are really not that expensive, companies/firms should budget for extending the registration long after any change in business structure.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com