The Belgian government is leaking sensitive information via expired domain names, according to Belgian security researcher De Ceukelaire (https://x.com/intidc/status/1793143745308750285) in a blog post. The researcher registered 107 expired domain names that had belonged to Belgian municipalities, police zones, psychiatric hospitals, the justice system, social security organizations and other institutions.
After registration, De Ceukelaire received all kinds of emails for the domain names in question, sometimes containing sensitive information. For the 107 registered domain names, at least 848 email addresses still appeared to be active. It also turned out that the email addresses still in use were registered with all kinds of cloud services. The researcher was also able to gain access to cloud accounts by performing a password reset.
Via the 848 email addresses he managed to gain access to 80 Dropbox accounts, 142 Google Drive accounts and 57 Microsoft, OneDrive and SharePoint accounts, as well as dozens of Smartschool and Doccle accounts. After some time, De Ceukelaire stopped receiving email for the domains and alerted the Belgian Center for Cybersecurity, which informed the previous domain owners about the risks of expired domain names.
“With hundreds of new domain names set to expire in the coming year, structural changes are needed to prevent this from happening again,” said De Ceukelaire, who hopes to raise awareness with his research. In the Netherlands, the problem of expired domain names has been known for years. In 2017, the police appeared to leak sensitive emails in this way and in 2019, youth care leaked files of thousands of children via expired domain names.
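One way to catch this exposure before a domain lapses, as an added example that is not part of the original article: cross-check the email addresses used for third-party accounts against the organization's domain inventory. The domains, addresses, expiry dates, audit date and the status names are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: domain inventory (domain -> registration expiry)
# and an export of third-party accounts (service, login/recovery email).
INVENTORY = {
    "gemeente-voorbeeld.example": date(2024, 3, 1),
    "politiezone-voorbeeld.example": date(2024, 8, 15),
    "ocmw-voorbeeld.example": date(2026, 1, 10),
}
ACCOUNTS = [
    ("Dropbox", "Secretariaat@Gemeente-Voorbeeld.example"),
    ("Google Drive", "it@mail.gemeente-voorbeeld.example"),
    ("OneDrive", "wijk@politiezone-voorbeeld.example"),
    ("Smartschool", "info@ocmw-voorbeeld.example"),
    ("Doccle", "jan@privemail.example"),
]

def owning_domain(email, inventory):
    """Return the inventory domain that the address's mail host falls under."""
    host = email.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = host.split(".")
    # Walk from the full host up to its parents so subdomains match too.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in inventory:
            return candidate
    return None

def audit(accounts, inventory, today, warn_days=365):
    """Group accounts by the registration status of the domain they depend on."""
    report = defaultdict(list)
    for service, email in accounts:
        domain = owning_domain(email, inventory)
        if domain is None:
            status = "UNMANAGED"   # mail domain is not in the inventory at all
        elif inventory[domain] < today:
            status = "EXPIRED"     # password-reset mail may reach a new registrant
        elif inventory[domain] - today <= timedelta(days=warn_days):
            status = "EXPIRING"    # migrate or close the account before the lapse
        else:
            status = "OK"
        report[status].append((service, email.lower(), domain))
    return dict(report)

if __name__ == "__main__":
    result = audit(ACCOUNTS, INVENTORY, date(2024, 5, 22))
    for status, rows in sorted(result.items()):
        for service, email, domain in rows:
            print(f"{status:9} {service:13} {email} ({domain})")
```

Accounts reported as EXPIRED or EXPIRING need their login and recovery address moved to a domain that will stay registered, or the account closed, before the old domain is released.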