The Internet Corporation for Assigned Names and Numbers (ICANN) announced on Thursday the completion of the first phase of its investigation into the impact of a vulnerability affecting two of the organization’s generic top-level domain (gTLD) portals.
On February 27, ICANN shut down the New gTLD Applicant and GDD (Global Domains Division) portals after learning of a security flaw that exposed user records. The affected websites are only accessible to applicants and registry operators, and they are used in the evaluation and contracting processes.
In early March, shortly after restoring access to the affected portals, ICANN noted that it hadn’t found any evidence of unauthorized access. However, after reviewing logs dating back to April 2013, when the New gTLD Applicant portal was activated, and March 2014, when the GDD portal was activated, the two consulting firms called in by ICANN to investigate the incident determined that some users had in fact accessed records that didn’t belong to them.
“Based on the investigation to date, the unauthorized access resulted from advanced searches conducted using the login credentials of 19 users, which exposed 330 advanced search result records, pertaining to 96 applicants and 21 registry operators. These records may have included attachment(s). These advanced searches occurred during 36 user sessions out of a total of nearly 595,000 user sessions since April 2013,” ICANN said.