The overseer of the Internet’s addressing system said Wednesday that someone obtained information related to user accounts for its public website, although no financial information was divulged.
ICANN, short for the Internet Corporation for Assigned Names and Numbers, said user names, email addresses, encrypted passwords and other data, such as bios, interests and newsletter subscriptions, were contained in the accounts.
Despite the breach, the accounts as well as internal ICANN systems do not appear to have been accessed, the organization said in a post on its website.
Although an investigation continues, ICANN said the “encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.” It did not name that provider.
ICANN is responsible for the management of key parts of Internet infrastructure, including the DNS (Domain Name System), which is handled by an ICANN department, the Internet Assigned Numbers Authority (IANA). IANA was unaffected by the breach.
Those who have an ICANN website account will have to reset their passwords. The breached passwords were encrypted, which makes it harder but not impossible for hackers to figure out the original, plain-text ones.
The breach comes after ICANN has experienced technical issues and other problems with cyberattacks. In March, ICANN apologized after a technical problem allowed some applicants for new top-level domains to see other applicants’ information.
Last December, some ICANN staff members saw their email credentials compromised after a phishing attack. The breach also exposed technical data, including zone files, which are needed to resolve domain names to Internet Protocol (IP) numbers, and ICANN’s Governmental Advisory Committee’s Wiki.