ICANN reveals 12 more data breaches
Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.
ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.
The revelation follows an investigation that started in April this year.
ICANN said in a statement:
in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.
The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.
It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.
Donuts said in June that the prices it was willing to pay at auction for gTLD string could have been inferred from the compromised data.
ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.
Krischenowski has denied any wrongdoing.
ICANN said last night that its investigation is now over.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
Recent Comments