Error during database upgrade releases hashed APNIC passwords into the wild


APNIC, the Regional Internet Address Registry, has admitted that a technical error in June landed hashed passwords of Maintainer and IRT objects in the hands of third parties.

APNIC admitted that the hashed passwords for Maintainer and IRT objects can be cracked by a malicious actor with the right tools.

APNIC, the Asia-Pacific Network Information Centre, was made aware of the data breach earlier this month by Chris Barcellos from eBay’s Red Team, who noticed that information from APNIC's WHOIS database was being republished on a third-party website. That WHOIS data contained hashed authentication details for APNIC WHOIS Maintainer and IRT objects.

The registry has subsequently reset all passwords for Maintainer and IRT objects that were leaked following a technical error during the upgrade of the WHOIS database in June.

'APNIC apologises for any inconvenience and concern that this error has caused. There are certainly lessons for APNIC after this error and we have now begun a post-incident review to determine how our processes failed and where we can improve to ensure this doesn’t happen again,' it said.

All objects in the WHOIS database are protected by the Maintainer object and hence, anyone who can access Maintainer can make changes to other objects as well. The Incident Response Team object contains contact information for an organization’s administrators responsible for receiving reports of network abuse activities. Hence, the security of both these objects is critical to the registry's activities.

APNIC admitted that had the hashed passwords been cracked, the entire WHOIS database could have been corrupted or falsified for misuse. However, the breach occurred in June and there is no confirmation that any malicious actor was actually able to crack the hashed passwords.

To ensure such breaches do not occur in the future, the registry said it will not include hashes in future WHOIS data downloads.
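As an added illustration of that mitigation (not APNIC's code or tooling), the sketch below filters a WHOIS dump before release, redacting password hashes and reporting which objects carried them. It assumes RPSL-style text in which hashes appear in `auth:` attributes as `<SCHEME>-PW <hash>`; the function name, placeholder text and sample data are constructed for the example.

```python
import re

# RPSL objects are blank-line-separated blocks of "attribute: value" lines.
# Assumption: credential hashes sit in "auth:" attributes of mntner and irt
# objects as "<SCHEME>-PW <hash>"; "#" starts a comment, so it is never a hash.
AUTH_HASH = re.compile(r"^(auth:\s+)([A-Za-z0-9]+-PW)\s+(?!#)\S+.*$", re.IGNORECASE)
PLACEHOLDER = "# Filtered"

def sanitize_dump(text):
    """Return (clean_text, findings); findings lists (class, key, scheme)."""
    clean_objects, findings = [], []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        # The first attribute names the object class and its primary key.
        obj_class, _, key = lines[0].partition(":")
        out = []
        for line in lines:
            m = AUTH_HASH.match(line)
            if m:
                findings.append((obj_class.strip(), key.strip(), m.group(2).upper()))
                line = f"{m.group(1)}{m.group(2)} {PLACEHOLDER}"
            out.append(line)
        clean_objects.append("\n".join(out))
    return "\n\n".join(clean_objects) + "\n", findings

# Constructed sample dump; names and hash strings are made up.
SAMPLE = """\
mntner:         MAINT-EXAMPLE-AP
descr:          Example Networks
auth:           MD5-PW $1$abcdefgh$0123456789abcdefABCDEF
auth:           PGPKEY-1A2B3C4D
mnt-by:         MAINT-EXAMPLE-AP

irt:            IRT-EXAMPLE-AP
e-mail:         abuse@example.net
auth:           CRYPT-PW abJnggxhB/yWI
mnt-by:         MAINT-EXAMPLE-AP

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
mnt-by:         MAINT-EXAMPLE-AP
"""

if __name__ == "__main__":
    cleaned, found = sanitize_dump(SAMPLE)
    for obj_class, key, scheme in found:
        print(f"redacted {scheme} hash in {obj_class} {key}")
    # Release gate: refuse to publish if any hash survived sanitising.
    assert not sanitize_dump(cleaned)[1]
```

Running the filter a second time over its own output, as the final assertion does, works as a release gate: any non-empty findings list means a hash is still present in the file about to be published.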

'APNIC is continuing to analyse its logs to search for any signs of misuse as a result of this error. So far, we have found no evidence of irregularities. However, we would recommend that resource holders check the whois details of their holdings to make sure that all is correct,' the registry said.

Copyright Lyonsdown Limited 2021
