Error during database upgrade releases hashed APNIC passwords into the wild


APNIC, the Regional Internet Address Registry, has admitted that a technical error in June landed hashed passwords of Maintainer and IRT objects in the hands of third parties.

APNIC admitted that the hashed passwords for Maintainer and IRT objects could be cracked by a malicious actor with the right tools.

APNIC, the Asia-Pacific Network Information Centre, was made aware of the data breach earlier this month by Chris Barcellos from eBay’s Red Team, who noticed that information from APNIC’s WHOIS database was being republished on a third-party website. That WHOIS data contained hashed authentication details for APNIC WHOIS Maintainer and IRT objects.

The registry has subsequently reset all passwords for Maintainer and IRT objects that were leaked following a technical error during the upgrade of the WHOIS database in June.

‘APNIC apologises for any inconvenience and concern that this error has caused. There are certainly lessons for APNIC after this error and we have now begun a post-incident review to determine how our processes failed and where we can improve to ensure this doesn’t happen again,’ it said.

All objects in the WHOIS database are protected by the Maintainer object, so anyone who can access Maintainer can make changes to other objects as well. The Incident Response Team (IRT) object contains contact information for an organization’s administrators responsible for receiving reports of network abuse activities. Hence, the security of both these objects is critical to the registry’s activities.

APNIC admitted that had the hashed passwords been cracked, the entire WHOIS database could have been corrupted or falsified for misuse. However, the breach occurred in June and there is no confirmation that any malicious actor was in fact able to crack the hashed passwords.

To ensure such breaches do not occur in the future, the registry said it will not include hashes in future WHOIS data downloads.

‘APNIC is continuing to analyse its logs to search for any signs of misuse as a result of this error. So far, we have found no evidence of irregularities. However, we would recommend that resource holders check the whois details of their holdings to make sure that all is correct,’ the registry said.

Copyright Lyonsdown Limited 2021
