support.invisionpower.com takeover the subdomain with Zendesk

The subdomain at https://support.invisionpower.com has an unclaimed CNAME record ( ipscommunity.zendesk.com ). I checked the username availability in the signup process at Zendesk, it was observed that the subdomain is vulnerable to a subdomain takeover which allows an attacker could exploit such a situation by registering the expired sub domain and setting up a phishing page that mimics the company’s main support website. ## Impact Subdomain takeover can be abused to do several things like : Malware distribution Phishing / Spear phishing XSS Authentication bypass Legitimate mail sending and receiving on behalf of the ford subdomain ... The list goes on and on.