The Internet Corporation for Assigned Names and Numbers (ICANN) announced that they have fallen victim to a phishing attack which resulted in the attackers gaining administrative access to some of ICANN's systems. ICANN believes a "spear phishing" attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.

In early December 2014 ICANN discovered that the compromised credentials were used to access other ICANN systems besides email, including the Centralized Zone Data System (czds.icann.org). The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, ICANN has deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org.

Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal. No impact was found to either of these systems.