The real question is "how many people actually check this sort of thing?" I would be willing to bet that few, if any, smaller organizations (i.e. ones who have essentially static zone info) ever check the contents of their DNS once it's been set up.

Interesting. I tried zone transfers on some of the first domains I found, but gave up on them because I wasn't getting anywhere. What you're seeing is very odd -- almost like DNSExit is treating buy-viagra.4kidsnus.com like a domain itself rather than as a sub-domain of 4kidsnus.com.

In addition to sending notifications to site owners, I did communicate with several of them and they were shocked to find out about the alteration of their domain information. I also spoke with some of the DNS providers and I found nothing to indicate that they were involved (also, from TFA, the domains are spread across multiple DNS providers). As I said in the write-up, my bet is on a combo of poorly chosen passwords and overly generous/non-existent account lockout policies on something like a cPanel interface.

Just enough to tell 'em what you think...