Private data entered into the ICANN portals for new gTLD applicants and the GDD (Global Domains Division) was viewable in at least 36 log in sessions since April 2013, according to an ICANN statement issued on Thursday.
“The results of the investigation currently indicate that the portal users were able to view data that was not their own,” said the release. The portals store data about applicants to the ICANN new gTLD program and gTLD registry operators.
In December ICANN announced that hackers used a spear phishing attack to target employees in late November resulting in the ability to access ICANN systems. According to a report released by FireEye’s Mandiant division in February, cybercriminals can use a phishing attack to gain access to employee credentials and send messages from internal email accounts in as little as 30 minutes.
According to investigators, this latest breach resulted in unauthorized access to the ICANN systems from advanced searches using the login credentials of 19 users. The records of 96 applicants and 21 registry operators were exposed. The organization plans to inform the parties involved shortly. Possible data viewed could include contact information, details about launches and technical information on adding new gTLDs. Read more on these sources: TheRegister and TheWhir