This domain hijacking idea reminds me of an incident with Google I discovered a couple of years ago that landed me a bug bounty with them. I found out they created email logins with a not-registered domain for their candidacy account. I ended up registering that domain and "sold" it back to them in good faith. At least I can die with a smile on my face -- I once sold Google a domain.

details: http://www.tnhh.net/posts/gcandidate-who-is-interviewing-wit...