ICANN Website Security Breached

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a warning to those who registered with its public website that their profile accounts were accessed by an "unauthorized person".  ICANN states that the usernames, email addresses, and encrypted passwords to people's profile accounts have been compromised in the last week. Profile accounts on the ICANN website can contain "user preferences for the website, public bios, interests, newsletter subscriptions, etc"

In a statement published on its website, ICANN state that "there is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization" and that "no operational information, financial data or IANA systems were involved."

While details of how the accounts were accessed were not outlined in the statement the organisation did say "the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider".

While the passwords were hashed and "not easy to reverse" ICANN are taking the precautionary step to reset users' passwords and require them to change their password on their next visit to the site.

ICANN goes on to advice users "if you have used the same password on other websites or services, you should change it immediately on those other websites or services. As a general matter, you should avoid reusing passwords across multiple sites."

This is the most recent security breach at ICANN following on from a breach in February of this year which enabled applicants for some of the new top level domains to see the details of other registered applicants.

In December of 2014 ICANN reported that some of its staff were the victims of a spear phishing attack resulting in their email credentials being compromised.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ICANNInternet Corporation for Assigned Names and Numberssupply chain security

More about IANAICANNInternet Corporation for Assigned Names and Numbers

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Brian Honan

Latest Videos

More videos

Blog Posts