Home > Security > Security News

MasterCard Fixes 5-Year DNS Configuration Error Allowing the Registration of Unused Domain Name 

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

Payment card giant MasterCard recently resolved a critical misconfiguration in its Domain Name System (DNS) settings that had persisted for nearly five years and could have allowed malicious actors to intercept or reroute Internet traffic and emails associated with the mastercard.com network.

Between June 30, 2020, and January 14, 2025, a single DNS misconfiguration left a core Internet server of MasterCard vulnerable. A small typo made the server name susceptible to registration by unauthorized parties. 

MasterCard uses five DNS servers provided by Akamai, all of which are meant to end in the domain “akam.net.” However, one server was erroneously configured to end in “akam.ne,” which falls under the top-level domain of Niger. 

Mistyped domain name a22-65.akam.ne, DNS lookup on the domain az.mastercard.com on Jan. 14
Mistyped domain name a22-65.akam.ne, DNS lookup on the domain az.mastercard.com on Jan. 14 | Source: Krebs on Security

The issue was first identified by Philippe Caturegli, founder of the security consultancy Seralys, who determined that the domain “akam.ne” was unregistered and could be acquired.

Caturegli took proactive steps to mitigate any potential risks. He purchased the “akam.ne” domain for $300 and set up a DNS server to observe activity. Within hours, he began receiving hundreds of thousands of DNS requests from global sources, confirming the extent of the reliance on this misconfigured server. 

While additional entities also mistyped their DNS configurations to include “akam.ne,” MasterCard was by far the most significant party implicated.

Had a malicious actor acquired the domain, they could have launched severe exploits, such as intercepting Mastercard-associated email communications, acquiring SSL/TLS certificates to divert or impersonate legitimate web traffic, or even capturing Microsoft Windows authentication credentials from connected systems. 

Yet, Caturegli refrained from taking any such actions, instead notifying MasterCard of the vulnerability. MasterCard swiftly resolved the issue after being alerted by Caturegli. 

A company spokesperson released a statement saying, “We have looked into the matter and there was not a risk to our systems. This typo has now been corrected.” However, the company’s approach to addressing the disclosure raised concerns within the security community.

Caturegli disclosed the error on LinkedIn after securing the domain, which resulted in a dispute with MasterCard, who requested that the post be removed, calling the disclosure inconsistent with ethical practices. 

Caturegli clarified that he had no affiliation with MasterCard’s Bugcrowd vulnerability disclosure initiative and had independently reported the issue directly to MasterCard. 

He emphasized, “Before making any public disclosure, I ensured that the affected domain was registered to prevent exploitation, mitigating any risk to MasterCard or its customers. This action demonstrates our commitment to ethical security practices and responsible disclosure.”


Add a Comment
Related
Over 4M VPN Servers and Home Routers Exposed to Hijacking via Tunneling Protocol Issues
New Lumma Stealer Campaign Leverages Fake CAPTCHA Verifications
Palo Alto Networks Appliances in Need of a Security Overhaul?
Amos Stealer Distributed to MacOS and Linux Users via Google Ads Promoting Fake ‘Homebrew’ Site
PlushDaemon Exploits South Korean VPN IPany
Thousands of Security Vendor Credentials Exposed on the Dark Web
Most Popular
Severance
Severance Season 2 Episode 2 Explained: Secrets, Tensions, & new Beginnings
Supergirl: Woman of Tomorrow
Supergirl: Woman of Tomorrow- James Gunn Shares First look of Milly Alcock (and the Crest)
2025 Oscar Nominations
2025 Oscar Nominations: Full List Here 
Children of Blood and Bone
Everything we know About Children of Blood and Bone
Duck Dynasty
Duck Dynasty: The Revival Brings back the Robertson Family for a new Generation
Mickey 17
Mickey 17: Second Trailer Explores Multiple Robert Pattinsons and dark Comedy
Severance Season 2 Episode 2 Explained: Secrets, Tensions, & new Beginnings
Supergirl: Woman of Tomorrow- James Gunn Shares First look of Milly Alcock (and the Crest)
2025 Oscar Nominations: Full List Here 
Everything we know About Children of Blood and Bone
Duck Dynasty: The Revival Brings back the Robertson Family for a new Generation
Mickey 17: Second Trailer Explores Multiple Robert Pattinsons and dark Comedy

Most Popular
Severance
Severance Season 2 Episode 2 Explained: Secrets, Tensions, & new Beginnings
Supergirl: Woman of Tomorrow
Supergirl: Woman of Tomorrow- James Gunn Shares First look of Milly Alcock (and the Crest)
2025 Oscar Nominations
2025 Oscar Nominations: Full List Here 
Children of Blood and Bone
Everything we know About Children of Blood and Bone
Duck Dynasty
Duck Dynasty: The Revival Brings back the Robertson Family for a new Generation
Mickey 17
Mickey 17: Second Trailer Explores Multiple Robert Pattinsons and dark Comedy
Severance Season 2 Episode 2 Explained: Secrets, Tensions, & new Beginnings
Supergirl: Woman of Tomorrow- James Gunn Shares First look of Milly Alcock (and the Crest)
2025 Oscar Nominations: Full List Here 
Everything we know About Children of Blood and Bone
Duck Dynasty: The Revival Brings back the Robertson Family for a new Generation
Mickey 17: Second Trailer Explores Multiple Robert Pattinsons and dark Comedy

© 2025 TechNadu, a part of Leaprove Media LLP. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: