ICANN found the Exposure of Confidential Information over 300 times

ICANN has admitted  that confidential information had been exposed in a security error on at least 330 occasions. By conducting an audit it was revealed that it had happened 330 times between 17 April, 2013, and 17 March, 2014.

The company reported in March that misconfigured Salesforce software had given every user access to every other user’s information, including financial projections, launch plans and confidential exchanges.

The authorized user had to do was tick a box on the advanced search page to be served attachments connected to any of the more than 1,500 applications for new dot-word domains like .blog and .london, over a third of which came from the world’s biggest brands. It has impacted 96 applicants. The searches were carried out by 19 users.

CANN’s new CIO Ashwin Rangan stated in an interview  that his company does not know if the confidential attachments were downloaded or not. Those impacted “will be informed shortly.”

ICANN said it realizes that “any compromise of our users’ data is unacceptable,” and that it “deeply regrets this incident.” It pledged “to accelerate our efforts to harden all of our digital services.”

Awfully, it appears to place blame on the users that used the advanced search feature: “ICANN is contacting the user or users who appear to have viewed information that was not their own and requiring that they provide an explanation of their activity. We are also asking them to certify that they will delete or destroy all information obtained and to certify that they have not and will not use the data or convey it to any third party.”

ICANN is continuing to investigate the circumstances surrounding the access to this information and has not made a final determination regarding the nature of the access.

ICANN has encountered security breaches several times. In December 2014, the organization admitted that a number of its systems had been infected including the Centralized Zone Data System (CZDS) where the internet core root zone files are emulated.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...