ICANN — the organisation that looks after the names and domains of the internet — has suffered a serious phishing attack that has compromised its data. The attacks were initiated in November 2014 and used emails that appeared to originate from ICANN servers to dupe employees.
The attack resulted in email credential being stolen, and now ICANN has also explained that its Centralized Zone Data System — which includes personal user detail information including names and addresses — was compromised. Information was also taken from the ICANN Wiki, as well as user account data for the ICANN Blog and the ICANN WHOIS information portal.
Currently, ICAN explains that it is "not aware of any other systems that have been compromised". While ICANN underwent a major security update earlier in the year, it clearly wasn't major enough. That said, it did say that the "enhancements helped limit the unauthorised access obtained in the attack." So that's something. ICANN is now working to ensure its security measures are watertight. [ICANN]
Picture: Chris Dlugosz/Flickr