The Internet Corporation for Assigned Names and Numbers (ICANN) is investigating an apparent spear phishing attack that began in November and led to the exposure of information in some of ICANN's systems.
Email messages that appeared to come from ICANN were sent to the organization staff members and email credentials of several members were compromised. Those credentials were used to access ICANN's Centralized Zone Data System, which includes zone files and the names, postal addresses, email addresses, phone numbers and passwords of users.
The ICANN GAC Wiki was also penetrated and public information, a members-only index page and the profile of one user were viewed. The organization has “deactivated all CZDS passwords” though they “were stored as salted cryptographic hashes,” an ICANN notice said.
Attackers accessed the ICANN Blog and ICANN WHOIS information portal, but apparently caused no harm.