What happens when an organization loses control of a primary domain or related domain though domain hijacking? Given the stated 2 week update window, that is a long time for exposure of session data and would be a gold mine for hackers looking to exfiltrate data.

How should domain owners handles these scenarios?