ICANN reports that its user accounts page was compromised by hackers who gained access to names, email addresses, hashed passwords, and more.
On Wednesday, the domain name service admitted that its security server was hacked last week: an "unauthorized person" managed to obtain information, including harmless information (!) such as newsletter subscriptions, usernames and passwords.
Mention that anyone can create an account at ICANN.org, which is commonly used by people working in Internet governance - government and business policymakers, network developers, etc.
The leaked passwords were one-way encrypted using the bcrypt algorithm. ICANN has currently reset all of its users' passwords, and is warning anyone using the same password that they used on ICANN.org and other websites to immediately change the passwords on those accounts, in case someone break them hashes.
As the company the attack does not affect any IANA systems, which operate on a separate network to ICANN.
An ICANN spokesman said the passwords are encrypted with bcrypt.
“There is no evidence that profile accounts accessed any internal ICANN systems without permission. "
Let's say it is not the first time that ICANN has been attacked. In March, a security hole was discovered, in April, gTLD information was exposed in December, hackers managed to obtain a DNS database.
Perhaps the US government should have a look at ICANN and reconsider having deposited such important information.
