
Top 6 Subdomain Takeover attacks on Uber, Lamborghini,

One of the major pain points for large enterprises is not knowing their digital infrastructure completely. Hackers are constantly looking for these soft targets. Subdomain takeover is a type of vulnerability that occurs when a DNS entry (subdomain) of an organization points to an external service (e.g. Heroku, GitHub, Amazon, Bitbucket, Desk, Squarespace, Shopify) but the service is no longer utilized. In this blog, we list some of the top subdomain takeover attacks on companies like Uber, Lamborghini, etc.

Subdomain takeover vulnerabilities occur when a subdomain ( is pointing to a service (e.g. GitHub pages, Heroku, Desk etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain.

For example, if was pointing to a GitHub/Heroku/Desk page and the user decided to delete their GitHub/Heroku/Desk page, an attacker can now create a GitHub/Heroku/Desk page, add a CNAME file containing, and claim

Security Impact

With a successful subdomain takeover, an attacker can serve content on your subdomain. The attacker can completely clone the site and steal valuable credentials such as admin accounts (by adding a login form that will redirect the user to a certain page).

If the subdomain is a child domain of the service’s basename, then the attacker can read and set cookies on the basename too – can set cookies for, which can lead to further high-risk vulnerabilities like authentication bypass, CORS bypass and many more.
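The dangling DNS entry described above can be found by auditing your own CNAME inventory. The following is an added example, not code from the original post: it flags records whose target no longer resolves or whose external service reports the hostname as unclaimed. The `example.com` names, the sample data and the per-service fingerprint strings are assumptions.

```python
import socket

# Hosting suffixes for services the article names, each paired with body text the
# service is ASSUMED to return for an unclaimed hostname (verify before relying on it).
SERVICES = {
    "github.io": "There isn't a GitHub Pages site here",
    "herokuapp.com": "No such app",
    "cloudfront.net": "The request could not be satisfied",
}

def live_resolve(host):
    """Default resolver for real audits: True if the CNAME target still resolves."""
    try:
        return bool(socket.getaddrinfo(host.rstrip("."), 443))
    except socket.gaierror:
        return False

def match_service(target):
    """Return the tracked service suffix a CNAME target falls under, or None."""
    target = target.rstrip(".").lower()
    return next((s for s in SERVICES if target == s or target.endswith("." + s)), None)

def audit(records, resolve=live_resolve, fetch_body=None):
    """Return (name, target, reason) for every CNAME that looks dangling.
    fetch_body is a caller-supplied function: hostname -> HTTP response body."""
    findings = []
    for name, target in records:
        suffix = match_service(target)
        if not resolve(target):
            findings.append((name, target, "target does not resolve"))
        elif suffix and fetch_body and SERVICES[suffix] in fetch_body(name):
            findings.append((name, target, "service reports unclaimed"))
    return findings

# Constructed sample inventory; every name below is a placeholder, not from the article.
ZONE = [
    ("www.example.com", "example-live.github.io."),
    ("blog.example.com", "old-blog.herokuapp.com."),
    ("cdn.example.com", "d0000000000000.cloudfront.net."),
    ("shop.example.com", "retired-vendor.example.net."),
]
RESOLVES = {"example-live.github.io.", "old-blog.herokuapp.com.",
            "d0000000000000.cloudfront.net."}
BODIES = {"www.example.com": "<h1>Welcome</h1>",
          "blog.example.com": "<h1>No such app</h1>",
          "cdn.example.com": "ERROR: The request could not be satisfied"}

def demo():
    return audit(ZONE, lambda t: t in RESOLVES, lambda n: BODIES.get(n, ""))
```

Every finding is a candidate for removing the DNS record or re-claiming the resource on the service; a fingerprint match is a heuristic and should be confirmed against the service account.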

Following are some of the “infamous” attacks that happened because of sub-domain takeover:

Uber Case:

  1. Authentication bypass on via subdomain takeover of
  2. Subdomain takeover on due to non-existent distribution on Cloudfront.

Ubiquiti Network Case:

Authentication bypass on via subdomain takeover of

Donald Trump fundraising site Case:

Hacker defaces Donald Trump fundraising site via subdomain takeover attack.

Snapchat Case:

Subdomain takeover of

Case:

vulnerable to Subdomain Takeover.


Lamborghini Case:

Subdomain Takeover Through Expired Cloudfront Distribution