ICANN is warning users of its systems that a November phishing attack may have resulted in personal information being stolen. “ICANN is investigating a recent intrusion into our systems,” warns the organisation in an email sent out today, December 17, 2014. “We believe a “spear phishing” attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.”
As a result, ICANN has reset credentials for several of its customer systems and is asking users to select new passwords.
“Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures.”