diff --git a/index.js b/index.js
index 452fa17..19e58f9 100644
--- a/index.js
+++ b/index.js
@@ -16,11 +16,12 @@ function defaultsDeep(target, objects) {
 
   function copy(target, current) {
     lazy.forOwn(current, function (value, key) {
-      if (key === '__proto__') {
+      if (key === '__proto__' || (key === 'constructor' && value && value.prototype)) {
         return;
       }
 
       var val = target[key];
+
       // add the missing property, or allow a null property to be updated
       if (val == null) {
         target[key] = value;
diff --git a/test.js b/test.js
index fa418e7..9a38faf 100644
--- a/test.js
+++ b/test.js
@@ -37,4 +37,10 @@ describe('deep-defaults', function () {
   it('should return an empty object when the first arg is null.', function () {
     deepDefaults(null).should.eql({});
   });
+
+  it('should not override Object prototype', function () {
+    var payload = JSON.parse('{"constructor": {"prototype": {"isAdmin": true}}}');
+    deepDefaults({}, payload);
+    (({}).isAdmin || false).should.eql(false)
+  })
 });
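Review bot: The new guard in `copy` skips `constructor` only when the incoming value has a truthy `prototype`, so the decision rests on the shape of untrusted input while `var val = target[key];` still reads inherited properties. A `constructor` value without a `prototype` field passes the guard, and `target[key]` then resolves to the inherited constructor function rather than an own property; what happens next depends on the branches below this hunk, which are not visible here. Skipping the keys unconditionally is easier to reason about: `if (key === '__proto__' || key === 'constructor' || key === 'prototype') { return; }`. Alternatively, read only own properties, e.g. `var val = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;`. The body of `copy` continues past the end of the hunk.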
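Review bot: The added test leaves `Object.prototype` modified if the guard ever regresses, because nothing removes `isAdmin` after the assertion, and that state would leak into every later test in the run. Add a cleanup such as `afterEach(function () { delete Object.prototype.isAdmin; });` and assert on the prototype directly, `Object.prototype.hasOwnProperty('isAdmin').should.eql(false);`, instead of relying on the `|| false` coercion. Only the `constructor.prototype` shape is exercised here; a companion case for the `__proto__` key would cover the other branch of the guard, unless one already exists outside this hunk. The two new statements ending in `)` also lack the semicolons used on the surrounding lines.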