Cyber Incident Victim: Internet Corporation for Assigned Names and Numbers
Date: Aug 2015
Location: United States of America
Summary
An unauthorized party obtained usernames (email addresses) and password hashes from user profiles on the organization's public website, though no evidence indicated compromise of profile content, internal systems, or financial data. The breach likely originated through unauthorized access to an external service provider rather than direct infiltration of ICANN's infrastructure. While the hashed passwords were not easily reversible, the organization mandated password resets as a precautionary measure and advised users to employ unique credentials across services. The incident coincided with a separate breach at domain registrar Hover, though no confirmed link between the two events was established at the time of reporting.
Description
In early August 2015, ICANN disclosed a security breach involving unauthorized access to user profile data from its public website. The organization confirmed that during the prior week, an attacker obtained usernames (which were email addresses) and hashed passwords for accounts created on ICANN.org. These profiles contained user-configured preferences, publicly visible biographical information, stated interests, and newsletter subscription selections. ICANN's investigation found no evidence that individual profiles were accessed or that internal systems beyond the public website were compromised. Initial findings suggested the hashed credentials were likely acquired through unauthorized access to an external service provider rather than through direct infiltration of ICANN's infrastructure. The organization forced password resets for all affected accounts as a precautionary measure, though it noted the hashed passwords were cryptographically protected and not easily reversible to plaintext.

The breach exposed no financial data or operational systems, limiting its immediate impact to profile management functions. ICANN publicly announced the incident on August 5, 2015, advising users to reset passwords and avoid password reuse across other services. While the specific hashing algorithm and salting practices were not disclosed, the organization acknowledged theoretical risks of attackers using precomputed hash tables to crack weaker passwords. Law enforcement was notified, though no attribution or motive for the breach was provided. The disclosure coincided with a separate password-reset incident at domain registrar Hover, though ICANN did not confirm any connection between the two events. User account functionality was restored following mandatory password changes, with no subsequent reports of unauthorized profile access or credential misuse tied directly to the breach.
