Hasty Briefsbeta

Bilingual

Bought an expired domain. Then I inherited their AWS Root account

5 hours ago
  • #domain-expiration
  • #sysadmin
  • #aws-security
  • A person bought an expired startup domain and gained access to their AWS Root account via email recovery.
  • The AWS account was actively running production infrastructure costing over $5,000 annually, not abandoned.
  • The company lost control due to domain expiration, highlighting domain security as a critical weak link.
  • The finder responsibly disclosed the issue to the company and recommended security measures.
  • Lessons include moving critical accounts away from expiring domains and securing AWS Root email addresses.