Third-Party Risk Discovery in the DNS | WhoisXML API

Threat Reports

When Marketing Vendors Get Attacked, Clients Suffer: Third-Party Risk Discovery in the DNS

Security incidents that start out in a third party can be detrimental to a connected organization. FortifyData recently listed some of the year’s top third-party data breaches,1 highlighting the threat’s commonality and scale.

WhoisXML API zoomed in on one of the incidents on the list—the AT&T data breach, where 9 million accounts2 were exposed after their marketing vendor suffered an incident. Some of our key findings are:

  • 8,400+ domains containing the names of popular marketing vendors, very few of which could be publicly attributed to the companies
  • Less than half had IP resolutions, with several hosting suspicious content unrelated to the imitated companies
  • Dozens of domains flagged as malicious, hinting at a pattern that uses the string us followed by a number
  • 570+ domains following the malicious pattern added from 1 January to 5 May 2023
  • 4% of the us-containing domains were malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
  • 2]
Try our WhoisXML API for free
Get started