Latest news of the domain name industry

Recent Posts

Most ICANN new gTLD breaches were over a year ago

Kevin Murphy, May 4, 2015, 19:26:46 (UTC), Domain Registries

Almost three quarters of the security breaches logged against ICANN’s new gTLD portal occurred over a three-month period in early 2014, DI can reveal.

Almost every incident of a new gTLD applicant coming across data they weren’t supposed to see — 322 of the 330 total — happened before the end of October last year, ICANN told DI.

Most — 244 of the 330 — happened before April 30 last year.

The first breach, discovered by an independent audit of the portal, was January 22 2014.

ICANN says it was first notified of there being a problem on February 27, 2015.

The improper data disclosures were announced by ICANN last week.

As we reported, a simple configuration error by ICANN in third-party software allowed users of the Global Domains Division portal — all new gTLD applicants — to view confidential data belonging to other applicants.

Documents revealed could have included sensitive financial projections and registry technical details.

My first assumption was that the majority of the incidents — which have been deliberate or accidental — were relatively recent, but that turns out not to be the case.

In fact, if anyone did download data they weren’t supposed to see, most of them did it over a year ago.

ICANN has been notifying applicants and registries about whether their own data was compromised and expects to have told each affected applicant which other applicants could have seen their data before May 27.

Ninety-six applicants and 21 registries were affected.

Tagged: , , , ,

Comments (1)

  1. Salim says:

    ICANN should be more careful with sensitive and confidential documents. I hope ICANN will continue to do its best to protect the customer from such security breaches in the future.
    Thanks for sharing

Add Your Comment