Bought an expired domain. Then I inherited their AWS Root account
5 hours ago
- #domain-expiration
- #sysadmin
- #aws-security
- A person bought an expired startup domain and gained access to their AWS Root account via email recovery.
- The AWS account was actively running production infrastructure costing over $5,000 annually, not abandoned.
- The company lost control due to domain expiration, highlighting domain security as a critical weak link.
- The finder responsibly disclosed the issue to the company and recommended security measures.
- Lessons include moving critical accounts away from expiring domains and securing AWS Root email addresses.
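The last lesson can be turned into a recurring check. The following is an added example, not code from the original post: it takes account records in the shape returned by `aws organizations list-accounts` and flags every account whose root email sits on a domain that is expired, close to expiry without auto-renew, or not tracked at all. The account data, the domain inventory, the 90-day threshold and the finding labels are all constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape returned by `aws organizations list-accounts`.
ACCOUNTS_JSON = """{"Accounts": [
  {"Id": "111111111111", "Name": "prod", "Email": "aws-root@startup.example"},
  {"Id": "222222222222", "Name": "dev",  "Email": "Ops+dev@CORP.example"},
  {"Id": "333333333333", "Name": "old",  "Email": "founder@legacy.example"},
  {"Id": "444444444444", "Name": "lab",  "Email": "lab@unknown.example"}
]}"""

# Constructed registrar inventory: domain -> (expiry date, auto-renew enabled).
DOMAINS = {
    "startup.example": (date(2025, 7, 1), False),
    "corp.example": (date(2027, 1, 15), True),
    "legacy.example": (date(2025, 5, 1), False),
}
SAMPLE_TODAY = date(2025, 6, 1)  # fixed date so the result is reproducible


def audit_root_emails(accounts_json, domains, today, warn_days=90):
    """Return (account_id, domain, finding) for each root email at risk."""
    findings = []
    for acct in json.loads(accounts_json)["Accounts"]:
        # Domain names are case-insensitive, so normalise before the lookup.
        domain = acct["Email"].rsplit("@", 1)[-1].lower()
        if domain not in domains:
            # Nobody is watching this domain's renewal: treat as a finding.
            findings.append((acct["Id"], domain, "UNTRACKED"))
            continue
        expiry, auto_renew = domains[domain]
        days_left = (expiry - today).days
        if days_left < 0:
            # Whoever registers the domain next receives root recovery mail.
            findings.append((acct["Id"], domain, "EXPIRED"))
        elif days_left <= warn_days and not auto_renew:
            findings.append((acct["Id"], domain, "EXPIRING"))
    return findings


if __name__ == "__main__":
    for account_id, domain, finding in audit_root_emails(
            ACCOUNTS_JSON, DOMAINS, SAMPLE_TODAY):
        print(f"{finding:<10} account={account_id} root-email-domain={domain}")
```

In practice the domain inventory would come from the registrar's export, and any `EXPIRED` or `UNTRACKED` result means the root email should be moved to a domain the organisation controls before anything else.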