Hackers breached the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that coordinates unique web addresses all across the world, but luckily didn’t hit the Internet Assigned Numbers Authority, an important leg that keeps the Internet running smoothly.
Attackers used “spear fishing” to break into the system in late November, according to a post on ICANN’s website this week. Staffers received email messages that appeared to be coming from ICANN’s own domain; several ICANN staffers’ emails were compromised.
Attackers gained administrative privileges in a leg of ICANN called the Centralized Zone Data Service (CZDS), which they used to gather a slew of information entered by users: names, postal addresses, emails and phone numbers. Passwords were encrypted, but ICANN has still deactivated all CZDS passwords as a precaution.
“Based on our investigation to date, we are not aware of any other systems that have been compromised,” the post read.
ICANN credits the relative insignificance of the attack to the organization’s beefed-up security measures.
“We believe these enhancements helped limit the unauthorized access obtained in the attack,” ICANN said. “Since discovering the attack, we have implemented additional security measures.”