Prestigious University Domains Hijacked for Porn and Scam Content via Abandoned Subdomains
Researchers have identified a systematic abuse of university web infrastructure, with domains belonging to some of the world's most recognized institutions serving explicit pornographic material and scam content. The affected sites include berkeley.edu, columbia.edu, and washu.edu—the official domains for the University of California, Berkeley, Columbia University, and Washington University in St. Louis. Security researcher Alex Shakhov documented subdomains delivering adult content alongside at least one instance of a scam page falsely claiming a visitor's computer was infected and demanding payment for fake malware removal.
The exploitation stems from what security experts describe as inadequate subdomain management by institutional web administrators. Scammers identified abandoned or forgotten subdomains—often created for temporary projects, development environments, or legacy systems—and registered them to serve malicious content. In total, Shakhov reported that hundreds of subdomains across at least 34 universities have been compromised in this manner. Google search results indicated thousands of potentially affected URLs. The technique takes advantage of institutional record-keeping gaps, where subdomains created for specific purposes were never properly decommissioned when no longer in use.
The incident highlights broader concerns about domain hygiene within higher education institutions. University web estates are often sprawling and managed by multiple departments with limited centralized oversight, creating conditions where forgotten subdomains can persist undetected for years. For visitors, the exposure ranges from inadvertent access to explicit material to sophisticated social engineering via fake security warnings. The abuse also carries reputational risk for institutions whose domains are associated with adult content, even if the connection results from administrative oversight rather than intentional involvement.
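The record-keeping gap described above can be checked by cross-referencing what a zone actually publishes against a register of who owns each name and when it was due to be retired. The following is an added example, not code from the researcher or any affected institution; the zone `example.edu`, the inventory layout and all sample records are constructed assumptions.

```python
from datetime import date

HOST_TYPES = {"A", "AAAA", "CNAME"}

# Constructed sample data (example.edu is a placeholder zone).
ZONE_EXPORT = """\
www.example.edu.            3600 IN A     192.0.2.10
hackathon2019.example.edu.  3600 IN CNAME events.example.net.
labdev.example.edu.         3600 IN A     192.0.2.44   ; who made this?
admissions.example.edu.     3600 IN CNAME www.example.edu.
oldcourse.example.edu.      3600 IN A     192.0.2.71
"""
INVENTORY = {  # hypothetical register: owner and planned retirement date
    "www.example.edu": {"owner": "central-it", "retire_by": None},
    "hackathon2019.example.edu": {"owner": "cs-dept", "retire_by": date(2019, 12, 31)},
    "admissions.example.edu": {"owner": "admissions", "retire_by": None},
    "oldcourse.example.edu": {"owner": "", "retire_by": None},
}

def parse_zone(text):
    """Return (name, type, target) for host records in a zone-file export."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) < 3:
            continue
        name, rest = fields[0].rstrip(".").lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class fields
        if len(rest) >= 2 and rest[0].upper() in HOST_TYPES:
            records.append((name, rest[0].upper(), rest[1].rstrip(".").lower()))
    return records

def audit(records, inventory, today):
    """Map each published name to the record-keeping gaps found for it."""
    findings = {}
    for name, _rtype, _target in records:
        entry = inventory.get(name)
        if entry is None:
            reasons = ["not in inventory"]
        else:
            reasons = []
            if not entry["owner"]:
                reasons.append("no owner recorded")
            if entry["retire_by"] and entry["retire_by"] < today:
                reasons.append(f"past retirement date {entry['retire_by'].isoformat()}")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in sorted(audit(parse_zone(ZONE_EXPORT), INVENTORY, date.today()).items()):
        print(f"{name}: {', '.join(reasons)}")
```

Names flagged here are candidates for review and decommissioning by whoever administers the zone; the audit only reports gaps and changes nothing.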