A recent study has revealed that the websites of some of the world's most prestigious universities are serving explicit pornographic content. The issue stems from negligent housekeeping by site administrators, who failed to remove outdated subdomains after decommissioning them.
Researcher Alex Shakhov identified hundreds of exploited subdomains belonging to at least 34 universities, including berkeley.edu, columbia.edu and washu.edu. These subdomains served malicious content, including explicit pornography and even scam sites posing as technical support services.
The exploitation results from a clerical error: administrators create CNAME records when commissioning new subdomains but fail to remove them once the subdomains are decommissioned. Scammers such as the Hazy Hawk group then exploit these outdated records, hijacking university subdomains and redirecting search queries to their own malicious content.
The abuse of academic domains highlights a significant security issue in internet infrastructure, where even reputable institutions can fall victim to such oversights. The incident underscores the need for better record-keeping practices and more robust cybersecurity measures across all domains.
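An added example, not from the study or the article: one way to audit a zone for the stale CNAME records described above, flagging entries whose target no longer resolves. The zone data, the domain names and the `resolver` parameter are constructed for illustration, and each record line is assumed to carry its own owner name.

```python
import socket

# Constructed sample zone data (hypothetical names, not taken from the article).
SAMPLE_ZONE = """\
$ORIGIN example.edu.
www       3600 IN A     192.0.2.10
events    3600 IN CNAME events-app.hosting.example.net.
lab2019   3600 IN CNAME old-lab.cloudhost.example.org.
; retired project site
archive   IN CNAME retired-site.cloudhost.example.org.
portal    CNAME www
"""

def absolute(name, origin):
    """Expand a relative zone name against $ORIGIN; drop trailing dot, lowercase."""
    if name == "@":
        name = origin
    elif not name.endswith("."):
        name = f"{name}.{origin}"
    return name.rstrip(".").lower()

def parse_cnames(zone_text, origin=None):
    """Return (owner, target) pairs, as absolute names, for every CNAME record."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip comments, then tokenise
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        upper = [f.upper() for f in fields]
        if "CNAME" in upper[1:-1]:  # an owner before it and a target after it
            idx = upper.index("CNAME", 1)
            records.append((absolute(fields[0], origin),
                            absolute(fields[idx + 1], origin)))
    return records

def resolves(hostname):
    """Default check: does the name resolve to any address right now?"""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolver=resolves):
    """List CNAME records whose target no longer resolves (cleanup candidates)."""
    return [(o, t) for o, t in parse_cnames(zone_text) if not resolver(t)]
```

A failed lookup is only one signal: a target that still resolves can also point at a resource the institution no longer controls, so flagged and unflagged records alike should be checked against an inventory of active services.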







