ICANN Found Confidential Information Was Exposed Over 300 Times

ICANN has admitted that confidential information was exposed through a security error on at least 330 occasions. An audit revealed that it had happened 330 times between 17 April 2013 and 17 March 2014.

The company reported in March that misconfigured Salesforce software had given every user access to every other user’s information, including financial projections, launch plans and confidential exchanges.

All an authorized user had to do was tick a box on the advanced search page to be served attachments connected to any of the more than 1,500 applications for new dot-word domains like .blog and .london, over a third of which came from the world’s biggest brands. The exposure affected 96 applicants. The searches were carried out by 19 users.

ICANN’s new CIO Ashwin Rangan stated in an interview that the organization does not know whether the confidential attachments were downloaded. Those impacted “will be informed shortly.”

ICANN said it realizes that “any compromise of our users’ data is unacceptable,” and that it “deeply regrets this incident.” It pledged “to accelerate our efforts to harden all of our digital services.”

Worse, it appears to place blame on the users who used the advanced search feature: “ICANN is contacting the user or users who appear to have viewed information that was not their own and requiring that they provide an explanation of their activity. We are also asking them to certify that they will delete or destroy all information obtained and to certify that they have not and will not use the data or convey it to any third party.”

ICANN is continuing to investigate the circumstances surrounding the access to this information and has not made a final determination regarding the nature of the access.

ICANN has encountered security breaches several times. In December 2014, the organization admitted that a number of its systems had been infected, including the Centralized Zone Data System (CZDS), where the internet core root zone files are emulated.

Ehacking Staff