Cybersecurity Experts PwC Get One of Their Subdomains Hijacked By Porn Spam

It feels like it’s been months since I’ve been able to write about something that has nothing to do with coronavirus. Kind of a nice feeling, actually, I’ve forgotten what that’s like. Anyhoo, when my esteemed colleague Bramwell spotted this story the other day, he made sure to send it my way because apparently it’s my job to do the write-up any time porn and public accounting firms collide.

The Register reports:

A forgotten subdomain on PricewaterhouseCoopers’ dot-com has been hijacked to host ads for porno websites and apps, neatly demonstrating why you should not neglect your corporate DNS records.

Developer and security researcher Vitali Fedulov told The Register this week he has twice now found the pwc.com subdomain hosting a roster of X-rated adverts to lure netizens to online smut emporiums, X-rated apps, blogs, and adult-only chat rooms. The material also shows up in web searches.

The subdomain, amyca-devapi.pwc.com, has since been taken offline – it no longer resolves to an IP address – though its entries in Google remain for now.

And yep, there they are.

Screenshot via The Register

The article continues:

Fedulov, who runs an image search engine, said two times is too many for such a large accountancy firm serving government contracts.

“Since the company provides security services, including for governments, I believe it is time to share the incidents to the public,” he said. “Also, because, from my communication with them, the company seems not interested in supporting the cyber-security community by, for example, offering bug bounty rewards, the way other large companies do it.”

“Bug bounties” are cold hard cash rewards for those individuals who find and report vulnerabilities in a company’s website, basically financial incentives for hackers to alert companies to security issues rather than exploit them. If you’re curious, here’s a massive list of companies that offer such incentives.

The Register article goes into the technical bits and pieces of how exactly this happened, which we won’t waste your time with since you probably don’t care, but it’s worth pointing out that it doesn’t seem like PwC systems were compromised.

Still, as Fedulov pointed out, it’s kind of embarrassing for a firm selling cybersecurity consulting services to find themselves lending Google juice to porn spam.
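The lesson in The Register's quote above, that neglected DNS records are the problem, has a concrete defensive check behind it: audit the zone for records whose CNAME chain no longer resolves to anything. The script below is an added example, not code from The Register, Fedulov, or PwC; the zone entries, host names and the resolver map are constructed so it runs offline, and a real audit would swap the map for live DNS lookups.

```python
"""Flag dangling CNAME records in a zone export (offline demonstration)."""
from typing import Callable, Dict, List, Optional, Set, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, target)

# Constructed sample zone export; hypothetical names, not PwC's real records.
SAMPLE_ZONE: List[Record] = [
    ("www.example.com", "A", "203.0.113.10"),
    ("api.example.com", "CNAME", "prod-api.example.net"),
    # A forgotten dev API pointing at a host the provider has since released.
    ("devapi.example.com", "CNAME", "old-app.hosting-provider.example"),
    # A two-hop chain whose final target is gone.
    ("legacy.example.com", "CNAME", "alias.example.com"),
    ("alias.example.com", "CNAME", "retired-host.example.org"),
]

# Constructed stand-in for live DNS: hosts that still resolve, with their address.
KNOWN_HOSTS: Dict[str, str] = {
    "prod-api.example.net": "198.51.100.5",
}


def make_resolver(known: Dict[str, str]) -> Callable[[str], Optional[str]]:
    """Build a resolver over the constructed map (None means NXDOMAIN)."""
    return lambda host: known.get(host)


def find_dangling(zone: List[Record],
                  resolve: Callable[[str], Optional[str]],
                  max_hops: int = 8) -> Dict[str, str]:
    """Return {owner name: final unresolvable target} for every CNAME whose
    chain, followed through the zone's own aliases, never reaches a live host.

    A records are deliberately not flagged here: an address literal always
    "resolves", so whether the host behind it is still yours needs an
    inventory check rather than a DNS check.
    """
    aliases = {name: target for name, rtype, target in zone if rtype == "CNAME"}
    dangling: Dict[str, str] = {}
    for name, rtype, target in zone:
        if rtype != "CNAME":
            continue
        hop, seen = target, set()  # type: str, Set[str]
        # Walk in-zone CNAME chains; stop on loops or after max_hops.
        while hop in aliases and hop not in seen and len(seen) < max_hops:
            seen.add(hop)
            hop = aliases[hop]
        if resolve(hop) is None:
            dangling[name] = hop
    return dangling


if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, make_resolver(KNOWN_HOSTS)).items():
        print(f"DANGLING {owner} -> {target}")
```

Any owner name the script prints is a record that should be deleted, or re-pointed at something you still control, before someone else claims the target.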

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.
