ICANN Website Users' Login Information 'Obtained' in Data Breach
User names, email addresses and encrypted passwords for users of ICANN’s website were "obtained" at some point in the past week via “unauthorized access to an external service provider,” ICANN said Wednesday. The data breach didn’t expose information related to…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
the Internet Assigned Numbers Authority (IANA) functions or ICANN financial information, ICANN said. “There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization,” it said. ICANN hasn't sought a law enforcement investigation of the breach but its own inquiry is "ongoing," a spokesman said. The nonprofit said it’s requiring all users to reset their passwords and cautioned them to also reset passwords for other websites if they are the same as the one they used on ICANN’s website. ICANN previously was the target of other data breaches, including a November spear phishing attack that affected its centralized zone data system (CZDS), which contained names, email addresses, phone numbers and other information of CZDS users. That breach also affected ICANN’s Governmental Advisory Committee members-only wiki website (see 1412170037).