ICANN website usernames and encrypted passwords stolen

The organisation charged with looking after the coordination of key internet systems has had its user profile database compromised.
Written by Asha Barbaschow, Contributor

Less than 12 months since its last cyberattack, the Internet Corporation for Assigned Names and Numbers (ICANN) believes that it has fallen victim to an outside attack.

The non-profit corporation responsible for administering certain key systems on the internet -- specifically IP addressing and DNS -- admitted on Thursday that within the past week, usernames, email addresses, and encrypted passwords for profile accounts on its public website were obtained by an "unauthorised person".

"While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorised access to an external service provider," ICANN said.

ICANN expects that leaked information includes user preferences, public biographies, interests, newsletters, and subscriptions.

The organisation said that there is no evidence to suggest that any profile accounts or internal ICANN systems have been accessed without authorisation, nor that any operational information, financial data, or Internet Assigned Numbers Authority (IANA) systems were involved.

"These encrypted passwords (hashes) are not easy to reverse, but as a precaution we are requiring that all users reset their passwords.

"We sincerely regret any inconvenience or concern this incident may cause."

Less than a year ago, ICANN fell victim to a phishing attack which resulted in the attackers gaining administrative access to some of ICANN's systems, including its Centralised Zone Data Service (CZDS).

At the time, ICANN said the attack was committed by using emails sent to staff members that were designed to look like they were internal. As a result of the attack, the email credentials of several ICANN staff members were compromised. Those credentials were then used to compromise other ICANN systems, including the CZDS, which is a service used by domain registries and other interested parties to request access to DNS root zone files.

The latest database compromise comes in the wake of the proposed release of the IANA from its tenure at the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) into the greater "multi stakeholder" global community.

ICANN said that the proposal was developed through a transparent community-led process, which was open to, and inclusive of, all interested stakeholders.

"The dedication that the internet community has exhibited to the IANA stewardship transition is nothing short of remarkable," Alissa Cooper, chair of the ICG and member of the Internet Engineering Task Force (IETF) community, said.

"The public comment period presents an opportunity for the public to assess the transition proposal in its entirety and for the ICG to build a public record demonstrating how the proposal meets the expectations set out by the U.S. Government."
