ICANN’s usernames and encrypted passwords stolen

The Internet Corporation for Assigned Names and Numbers (ICANN) has fallen victim to an outside attack.

The non-profit corporation admitted on Thursday that within the past week, usernames, email addresses, and encrypted passwords for profile accounts on its public website were obtained by an “unauthorised person”.

The leaked information includes user preferences, public biographies, interests, newsletters, and subscriptions.

“The encrypted passwords appear to have been obtained as a result of unauthorised access to an external service provider,” ICANN said.

The good news is that there is no evidence to suggest that any profile accounts, or internal ICANN systems have been accessed without authorisation, nor that any operational information, financial data, or Internet Assigned Numbers Authority (IANA) systems were involved.

As a precaution ICANN is requiring that all users reset their passwords.

“We sincerely regret any inconvenience or concern this incident may cause.”

ICANN fell victim to a phishing attack less than a year ago, which resulted in the attackers gaining administrative access to some of ICANN’s systems, including its Centralised Zone Data Service (CZDS).