ICANN found the Exposure of Confidential Information over 300 times

ICANN has admitted  that confidential information had been exposed in a security error on at least 330 occasions. By conducting an audit it was revealed that it had happened 330 times between 17 April, 2013, and 17 March, 2014.

The company reported in March that misconfigured Salesforce software had given every user access to every other user’s information, including financial projections, launch plans and confidential exchanges.

The authorized user had to do was tick a box on the advanced search page to be served attachments connected to any of the more than 1,500 applications for new dot-word domains like .blog and .london, over a third of which came from the world’s biggest brands. It has impacted 96 applicants. The searches were carried out by 19 users.

CANN’s new CIO Ashwin Rangan stated in an interview  that his company does not know if the confidential attachments were downloaded or not. Those impacted “will be informed shortly.”

ICANN said it realizes that “any compromise of our users’ data is unacceptable,” and that it “deeply regrets this incident.” It pledged “to accelerate our efforts to harden all of our digital services.”

Awfully, it appears to place blame on the users that used the advanced search feature: “ICANN is contacting the user or users who appear to have viewed information that was not their own and requiring that they provide an explanation of their activity. We are also asking them to certify that they will delete or destroy all information obtained and to certify that they have not and will not use the data or convey it to any third party.”

ICANN is continuing to investigate the circumstances surrounding the access to this information and has not made a final determination regarding the nature of the access.

ICANN has encountered security breaches several times. In December 2014, the organization admitted that a number of its systems had been infected including the Centralized Zone Data System (CZDS) where the internet core root zone files are emulated.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 10 things to Do After Installing Kali Linux

Kali Linux is considered to be one of the best hacking distribution of this era, it is developed by Offensive Security to give an...

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...