Cybersecurity Experts PwC Get One of Their Subdomains Hijacked By Porn Spam

It feels like it’s been months since I’ve been able to write about something that has nothing to do with coronavirus. Kind of a nice feeling, actually, I’ve forgotten what that’s like. Anyhoo, when my esteemed colleague Bramwell spotted this story the other day, he made sure to send it my way because apparently it’s my job to do the write-up any time porn and public accounting firms collide.

The Register reports:

A forgotten subdomain on PricewaterhouseCoopers’ dot-com has been hijacked to host ads for porno websites and apps, neatly demonstrating why you should not neglect your corporate DNS records.

Developer and security researcher Vitali Fedulov told The Register this week he has twice now found the pwc.com subdomain hosting a roster of X-rated adverts to lure netizens to online smut emporiums, X-rated apps, blogs, and adult-only chat rooms. The material also shows up in web searches.

The subdomain, amyca-devapi.pwc.com, has since been taken offline – it no longer resolves to an IP address – though its entries in Google remain for now.

And yep, there they are.

Screenshot via The Register

The article continues:

Fedulov, who runs an image search engine, said two times is too many for such a large accountancy firm serving government contracts.

“Since the company provides security services, including for governments, I believe it is time to share the incidents to the public,” he said. “Also, because, from my communication with them, the company seems not interested in supporting the cyber-security community by, for example, offering bug bounty rewards, the way other large companies do it.”

“Bug bounties” are cold hard cash rewards for those individuals who find and report vulnerabilities in a company’s website, basically financial incentives for hackers to alert companies to security issues rather than exploit them. If you’re curious, here’s a massive list of companies that offer such incentives.

The Register article goes into the technical bits and pieces of how exactly this happened, which we won’t waste your time with since you probably don’t care, but it’s worth pointing out that it doesn’t seem like PwC’s own systems were compromised.

Still, as Fedulov pointed out, it’s kind of embarrassing for a firm selling cybersecurity consulting services to find themselves lending Google juice to porn spam.
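The Register’s moral about neglected DNS records is the general one: a subdomain whose record still exists but whose target is gone (or points at an address the company no longer holds) can end up serving someone else’s content. Below is an added example, not from the article and not PwC’s code, of the kind of audit a zone owner can run to catch such records; the zone, the address inventory and the resolver are all constructed so it runs offline, and `example.com` stands in for a real domain.

```python
# Added example: audit a DNS zone export for "dangling" records, i.e.
# subdomains whose CNAME target no longer resolves or whose A record
# points outside the address ranges the organisation still owns.
# All names, addresses and the resolver below are constructed.
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed zone export: subdomain -> (record type, target)
ZONE: Dict[str, Tuple[str, str]] = {
    "www.example.com":        ("A",     "203.0.113.10"),
    "docs.example.com":       ("CNAME", "live-docs.hosting.example.net."),
    "old-devapi.example.com": ("CNAME", "retired-app.hosting.example.net."),
    "old-lab.example.com":    ("A",     "198.51.100.7"),
}

# Constructed inventory of address ranges the organisation still controls.
OWNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed view of which external targets still exist.
LIVE_TARGETS = {"live-docs.hosting.example.net"}


def target_resolves(name: str) -> bool:
    """Stand-in resolver; a real audit would query DNS for the name."""
    return name.rstrip(".") in LIVE_TARGETS


def find_dangling(zone: Dict[str, Tuple[str, str]],
                  resolves: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (subdomain, reason) for every record that looks abandoned."""
    findings: List[Tuple[str, str]] = []
    for name, (rtype, target) in sorted(zone.items()):
        if rtype == "CNAME":
            clean = target.rstrip(".")
            if not resolves(clean):
                findings.append((name, f"CNAME target {clean} does not resolve"))
        elif rtype == "A":
            addr = ipaddress.ip_address(target)
            if not any(addr in net for net in OWNED_NETWORKS):
                findings.append((name, f"A record {target} is outside owned ranges"))
    return findings


if __name__ == "__main__":
    for subdomain, reason in find_dangling(ZONE, target_resolves):
        print(f"{subdomain}: {reason}")
```

Records flagged by such a check are candidates for deletion, not proof of a takeover; the point is that the record should be removed before the target is gone, not after someone else notices.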

