The Asia-Pacific Network Information Centre (APNIC), the non-profit organization that provides Internet addressing services in the Asia-Pacific region, informed the community on Monday of a Whois-related security incident that led to the exposure of authentication data.
According to APNIC Deputy Director General Sanjaya, downloadable Whois data included authentication details for Maintainer and IRT objects. APNIC discovered the incident on October 12 after a member of eBay’s Red Team reported that a third-party site had been republishing downloadable Whois data. The issue was resolved the next day.
The exposed data included password hashes that attackers may have been able to crack and use to falsify or corrupt Whois data.
APNIC says it has not found any evidence of abuse, but it’s still analyzing logs. The organization pointed out that any unauthorized changes would only result in public misrepresentation of Whois data and not actually cause the transfer of IP resources.
Sanjaya said the incident was related to Maintainer and Incident Response Team (IRT) objects in the APNIC Whois database. The role of the Maintainer is to protect objects in the database against unauthorized access, while the IRT contains contact information for reporting abuse to an organization.
Both Maintainer and IRT have an “auth” attribute that specifies a hashing format and stores an access password in the specified format. An error during the upgrade of the APNIC Whois database caused the “auth” hashes to be included in downloadable data.
Since learning of the leak, APNIC has been working with affected users to have the exposed passwords changed. The process was completed on Monday.
“All Maintainer and IRT passwords have now been reset, so there is no need to change them again if you are an APNIC resource holder,” Sanjaya said. “However, if you wish to change the new passwords to something more memorable, you should not choose the previous password (and if the old password was being used elsewhere on other systems, you should change those passwords).”
APNIC is now trying to determine what led to the error and what can be done to prevent such incidents when upgrades are performed in the future.
Related: Accenture Exposed Data via Unprotected Cloud Storage Bucket
Related: NIST Readies to Tackle Internet’s Global BGP Vulnerabilities
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
