diff --git a/lib/clone.js b/lib/clone.js
index c3968cfa..57120df3 100755
--- a/lib/clone.js
+++ b/lib/clone.js
@@ -75,6 +75,10 @@ module.exports = internals.clone = function (obj, options = {}, _seen = null) {
 const keys = Utils.keys(obj, options);
 for (const key of keys) {
+ if (key === '__proto__') {
+ continue;
+ }
+
 if (baseProto === Types.array && key === 'length') {
diff --git a/test/index.js b/test/index.js
index 89d15ce1..3ea034d0 100755
--- a/test/index.js
+++ b/test/index.js
@@ -762,6 +762,15 @@ describe('clone()', () => {
 expect(copy.a).to.shallow.equal(obj.a);
 expect(copy.x).to.shallow.equal(obj);
 });
+
+ it('prevents prototype poisoning', () => {
+
+ const a = JSON.parse('{ "__proto__": { "x": 1 } }');
+ expect(a.x).to.not.exist();
+
+ const b = Hoek.clone(a);
+ expect(b.x).to.not.exist();
+ });
 });
 
 describe('merge()', () => {
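Review bot: The new 'prevents prototype poisoning' test only checks that `x` is not reachable on the clone, so it would still pass if the own `__proto__` key were copied across as a plain data property or if the clone's prototype were replaced by the fixture's nested object; it does not pin the property the guard in lib/clone.js actually enforces. Add `expect(Object.getOwnPropertyNames(b)).to.not.include('__proto__');` and `expect(Object.getPrototypeOf(b)).to.shallow.equal(Object.prototype);` after the existing `expect(b.x).to.not.exist();`. Since clone() recurses into nested values, a second fixture such as `JSON.parse('{ "a": { "__proto__": { "x": 1 } } }')` with the same assertions on `b.a` would show the key is skipped at every depth, not just the top level. The `expect(a.x).to.not.exist();` line is a useful sanity check that the fixture itself is inert, and is worth a one-line comment saying so.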