ICANN has announced that it temporarily took its New gTLD Applicant and GDD portals offline on 27 February 2015 to investigate a reported security issue.
This week’s announcement also follows on the heels of a spear-phishing attack in December where a number of ICANN’s systems were compromised including the Centralized Zone Data System (CZDS) – where the internet core root zone files are mirrored – the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog.
Read the announcement below
New gTLD Applicant and GDD Portal Update
ICANN temporarily took its New gTLD Applicant and GDD portals offline on 27 February 2015 to investigate a reported security issue. Access to, and data in, these portals is limited to New gTLD Program applicants and New gTLD registry operators. Under certain circumstances an authenticated portal user could potentially view data of, or related to, other users.
There is currently no indication that this issue resulted in any actual exposure of data to an unauthorized party. There is also no indication that anyone other than those authorized to access the portal did so.
We are working to implement a solution to the reported issue and bring the portals back online. We are also continuing to investigate whether any data was exposed to an unauthorized user.
As more information becomes available we will report on our findings and publish updates at www.icann.org/news and http://newgtlds.icann.org/en/announcements-and-media/latest.