Internet Corporation for Assigned Names and Numbers (ICANN), has confirmed that an unauthorized person obtained its account holders’ usernames, email addresses and encrypted passwords for profile accounts created on its public website (ICANN.org) last week.
This is not the first time that the company's website got hacked.
According to a news report published in ZeeSome ten months ago, the company’s website had been hacked by hackers, who accessed its internal system following a spear phishing attack in November, 2014.
The company posted in its website on August 5 that these profile accounts contained user preferences for the website, public bios, interests, newsletter subscriptions, etc.
It is said that the encrypted passwords (hashes) are not easy to reverse however, for the users safety the company has urged all its users to reset their passwords.
“When you next visit our site, please go to the login page and click the forgot password link: https://www.icann.org/users/password/new to create your new password,” the company explained.
“There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization,” the post read. While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.”