ICANN reports that its user accounts page was compromised by hackers who gained access to names, email addresses, hashed passwords, and more.
On Wednesday, the domain name service admitted that its server security had been compromised in the past week: an "unauthorized person" had obtained information, including harmless information (!) Such as newsletter subscriptions, and usernames with them. passwords.
It should be mentioned that anyone can create an account at ICANN.org, which usually usesby people working in the field of Internet governance – policy makers from governments and businesses, network developers, etc.
Passwords that were leaked were one-way encrypted using the bcrypt algorithm. ICANN has at this time reset all its users' passwords, and warns whoever uses the same password they used on their ICANN code and on other sites to change the codes directly into those accounts if someone breaks the hashes.
As stated by the company attack it does not affect any IANA systems, which operate on a separate network to ICANN.
An ICANN spokesman said the passwords are encrypted with bcrypt.
"There is no evidence that profile accounts had access to any ICANN internal systems without permission."
It should be noted that this is not the first time that ICANN has been attacked. In March, a hole was discovered security, in April, gTLD information was exposed, in December, hackers managed to obtain a database of DNS information.
Perhaps the US government should have a look at ICANN and reconsider having deposited such important information.