ICANN to reveal extent of data breach

ICANN has said it will tell gTLD applicants by early next week whether their information was exposed by a security glitch in ICANN's application system.

Internet address coordinator ICANN said on Friday that it would tell applicants for generic top level domains (gTLDs) whether their application details had been exposed by the glitch.

"ICANN will notify all applicants within the next seven business days whether our analysis shows they were affected by the technical glitch in the TLD application system," ICANN chief operating officer Akram Atallah said in a statement. "In order to make these notifications, we are identifying each applicant file name and user name that might have been viewed, and who might have viewed them."

The organisation is "reviewing internal system logs and full packet-level capture of all traffic to and from the application system", Atallah said. The logs are being reviewed from 12 January, when the gTLD application process opened, to the 12 April, when ICANN suspended the application system due to the glitch.

After ICANN notifies affected customers, it will reopen the application process, Atallah added.

The glitch allowed certain applicants to view certain details of other applicants, such as file names and user names, ICANN said in an FAQ published last Saturday. The problem lay in the way the application system handled attachments.

"Under certain circumstances, an interrupted deletion process resulted in applicants being able to see file names and user names that belonged to other applicants," said the FAQ.

Before the application process was suspended, businesses and organisations could apply for almost any word they wanted as a domain name, such as .wales and .gay, and brand names and non-Latin characters were allowed.