The Internet Corporation for Assigned Names and Numbers (ICANN) shut down two new generic top-level domain portals last week because of a security flaw that could have exposed users' data.
Confidential data relating to companies competing for new dot-word domains may have been stolen sometime last week by rivals logging into ICANN’s catch-all portal, meaning commercially sensitive information, as well as important technical details regarding the Internet’s expansion, was at risk for a short period of time. ICANN took the vulnerable applications offline and has since patched the bugs.
ICANN issued a statement (PDF) saying the security issue only affected the New gTLD Applicant and GDD (Global Domains Division) portals. ICANN said the portals contained information regarding New gTLD Program applicants and New gTLD registry operators, which was only supposed to be accessible to a limited number of people.
“Under certain circumstances an authenticated portal user could potentially view data of, or related to, other users,” the non-profit wrote in a public statement issued yesterday, after the portals came back online.
Potentially viewable data included technical information on adding new generic top-level domains (gTLDs) to the Internet’s root DNS, contact information, commercially sensitive details regarding dot-word domain launches and interactions between operators of the Internet’s domain name system and ICANN, the supervisor.
“There is currently no indication that this issue resulted in any actual exposure of data to an unauthorized party,” ICANN announced. “There is also no indication that anyone other than those authorized to access the portal did so. We are working to implement a solution to the reported issue and bring the portals back online. We are also continuing to investigate whether any data was exposed to an unauthorized user.”
ICANN’s GDD portal, put in place just under a year ago, oversees all the operations of generic top-level domains. The GDD website covers communications with operators of top-level domains such as .london or .book, and runs alongside Salesforce’s secure platform.
Salesforce has not made any announcement regarding a vulnerability in its software, which suggests ICANN operators were at fault for setting up the portal improperly and leaving sensitive data at risk.
ICANN assured users it has addressed the security risk and restored access to the portals as of March 2.
This is not the first time ICANN has had a security mishap leaving portals offline: a “glitch” back in April 2012 left an ICANN web app offline for over a month, stalling a release the company had worked on for four years.
ICANN also suffered a security incident in December 2014, when the company was hit by a spear phishing attack. As a result, hackers successfully breached employees' machines, gaining administrative access to a number of computers and even to its Centralized Zone Data Service (CZDS), a service that provides a centralized access point for interested parties to request access to the zone files provided by participating TLDs.
ICANN said the company will release more information following the investigation.