It is interesting that Comodo would have even allowed these certificates to be generated. In most cases there is verification of ownership of the domain before a certificate is issued. This makes me wonder where those checks failed. It is a best practice in corporate PKI to have human intervention for specifically high risk certificates. A company with the trust of Comodo really needs to go farther to prevent these issues.