This past week two hackers were convicted of defacing Comcast’s website in May of 2008.
Their methods were fairly simple, as they used social engineering to get a Comcast employee to give them user and password information to Comcast’s DNS account. Once the hackers logged into Network Solutions (the company hosting the DNS entries), they just pointed the DNS record to their own website.
Whether someone actually gains access to a website or redirects visitors to a different site, the result to the business is the same; lost revenue.
What procedures does your company have in place which could prevent this type of security breach from happening? Who has access to your DNS account information? Are you using a strong password? Have you made any employee changes which require a new password?
Answering these questions now could prevent a major incident in the future.