Security gTLD Problems Unveiled and Solved at ICANN

New checks in security on ICANN systems revealed there has been a breach which allowed some of the applicants to access protected data of other applicants, shows an audit that was requested in order to determine the degree of the intrusion.

What was discovered by the investigation was that the unauthorized access was possible using the login data of 19 users, leading to exposure of 96 applicants and 21 registry operators, during a total number of 36 access sessions, starting April 2013. ICANN promised they will reveal the identity of both the people that accessed the data (they will be asked for an explanation of their activity and destroy the data they had access to, if they still have it) and will inform the ones that were affected regarding what parts of the information was exposed.

The findings of the investigation were followed by a statement from ICANN’s Chief Information and Innovation Officer, Ashwin Rangan, who acknowledged the gravity of the breach, offered apologizes for the incident and ensured users they will be performing serious updates to their servers concerning security issues that could be fixed.

Last year ICANN used the services of a third party expert in order to evaluate their portfolio assets and initiated a program meant to solve any issues that might need their attention. They also promised they would continue to evaluate and diagnose their systems so that such unauthorized incidents will not happen anytime soon.