APNIC Whois Error Led to Exposure of Passwords

The Asia-Pacific Network Information Centre (APNIC), the non-profit organization that provides Internet addressing services in the Asia-Pacific region, informed the community on Monday of a Whois-related security incident that led to the exposure of authentication data.

According to APNIC Deputy Director General Sanjaya, downloadable Whois data included authentication details for Maintainer and IRT objects. APNIC discovered the incident on October 12 after a member of eBay’s Red Team reported that a third-party site had been republishing downloadable Whois data. The issue was resolved the next day.

The exposed data included password hashes that attackers may have been able to crack and use to falsify or corrupt Whois data.

APNIC says it has not found any evidence of abuse, but it’s still analyzing logs. The organization pointed out that any unauthorized changes would only result in public misrepresentation of Whois data and not actually cause the transfer of IP resources.

Sanjaya said the incident was related to Maintainer and Incident Response Team (IRT) objects in the APNIC Whois database. The role of the Maintainer is to protect objects in the database against unauthorized access, while the IRT contains contact information for reporting abuse to an organization.

Both Maintainer and IRT have an “auth” attribute that specifies a hashing format and stores an access password in the specified format. An error during the upgrade of the APNIC Whois database caused the “auth” hashes to be included in downloadable data.

Since learning of the leak, APNIC has been working with affected users to have the exposed passwords changed. The process was completed on Monday.

“All Maintainer and IRT passwords have now been reset, so there is no need to change them again if you are an APNIC resource holder,” Sanjaya said. “However, if you wish to change the new passwords to something more memorable, you should not choose the previous password (and if the old password was being used elsewhere on other systems, you should change those passwords).”

APNIC is now trying to determine what led to the error and what can be done to prevent such incidents when upgrades are performed in the future.
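
A pre-publication check of the kind this incident points to, as an added example (not APNIC's code): it scans a bulk Whois export for hashed `auth` values and redacts them before release. The `<SCHEME>-PW <hash>` value layout, the `# Filtered` marker and the sample objects are assumptions constructed for illustration.

```python
import re

# Assumption: hashed schemes appear as "auth: <SCHEME>-PW <hash>" (e.g. MD5-PW, CRYPT-PW).
# The negative lookahead skips values that are already redacted.
HASHED_AUTH = re.compile(r"^(auth:\s*)(\S+-PW)\s+(?!#)\S+", re.IGNORECASE)
FILTER_MARK = "# Filtered"  # assumed redaction marker

# Constructed sample export; object names and hash values are made up.
SAMPLE_DUMP = """\
mntner:     MAINT-EXAMPLE-AP
descr:      Sample maintainer
auth:       MD5-PW $1$abcdefgh$CONSTRUCTEDHASHVALUE000
mnt-by:     MAINT-EXAMPLE-AP

irt:        IRT-EXAMPLE-AP
e-mail:     abuse@example.net
auth:       CRYPT-PW abCONSTRUCTEDHASH
mnt-by:     MAINT-EXAMPLE-AP

inetnum:    192.0.2.0 - 192.0.2.255
netname:    EXAMPLE-NET
mnt-by:     MAINT-EXAMPLE-AP
"""


def sanitize(dump):
    """Return (clean_dump, findings); findings lists (class, key, scheme) redacted."""
    findings, out = [], []
    for block in re.split(r"\n\s*\n", dump.strip()):
        lines = block.splitlines()
        cls, _, key = lines[0].partition(":")  # first attribute names the object
        for i, line in enumerate(lines):
            m = HASHED_AUTH.match(line)
            if m:  # fail closed: redact in any object class, not only mntner/irt
                findings.append((cls.strip().lower(), key.strip(), m.group(2).upper()))
                lines[i] = f"{m.group(1)}{m.group(2)} {FILTER_MARK}"
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", findings


def release_gate(dump):
    """True only if the export carries no hashed auth values; run before publishing."""
    return not sanitize(dump)[1]


if __name__ == "__main__":
    clean, hits = sanitize(SAMPLE_DUMP)
    print(hits, release_gate(SAMPLE_DUMP), release_gate(clean))
```

Running `release_gate` on the generated file as the last step of an export job makes a schema or upgrade change that reintroduces the hashes fail the publish step.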

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
