Yesterday, U.S President Donald Trump official website had been hacked and defaced by a hacker with an online alias 'Pro_Mast3r'. According to the deface page of hacker it is clear that he from Iran.
Hacker had managed to deface one of the server secure2.donaldjtrump.com that is protected by CloudFlare's content management security.
The hacked server was original Trump server as it's certificate of server were valid and legitimate.
According to the sources the CName record of hacked subdomain of Trump site was initially pointing to Pantheon.io, and web admin closed the pantheon account but didn't removed CName record of its subdomain.
Due to which hacker had easily claim the subdomain by again creating an pantheon account. This is a subdomain takeover Vulnerability that was earlier disclosed by Detectify team on 2014.
There are more than thousands of domain that are vulnerable to this domain hijacking bug.