announced that their system were compromised by a phishing attack. Some of the staff of ICANN fell victim to a spear phishing attack.
The phishing mail was designed to look like they came from ICANN’s own domain name being sent to members of its staff. Email credentials of several ICANN staff members were obtained.
ICANN said that the attackers had gained administrative access to some of ICANN’s systems, including its Centralized Zone Data Service (CZDS). The Centralized Zone Data System (CZDS). This system is a repository for zone files from each registry, updated daily. Many bloggers use this system to download zone file data.
ICANN noted that the attack was occur in late November. Attacker gained access copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username and password. It says the passwords were stored as salted cryptographic hashes, but it has reset all passwords as a precaution.
ICANN is a nonprofit organization that has assumed the responsibility for IP address space allocation, protocol parameter assignment, domain name system management and root server system management functions previously performed under U.S. Government contract.In early December 2014 ICANN discovered that the compromised credentials were used to access other ICANN systems besides email. Additionally Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal.