My blog has moved: https://vincentyiu.co.uk Update: To my attention in April, it appears that Mindpoint may have been behind the automated assigning of the hijackable instances. See https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/ This is great, but CloudFront’s engineers definitely missed a whole lot, so I’m not sure if they actually see the problem. Given that they have access
![CloudFront Domain Hijacks under Attack](https://cdn-ak-scissors.b.st-hatena.com/image/square/913b7d7b4506ac8e41a369ee53522fdaaa026afc/height=288;version=1;width=512/https%3A%2F%2Fmiro.medium.com%2Fv2%2Fresize%3Afit%3A1200%2F1%2AKzBQ7ckJbImMGEZ2FZgKug.png)