One of the fifth regional Internet registries (RIR) - Asia-Pacific Network Information Center (APNIC) – allowed a breach of confidential data. APNIC deputy general director Sanjaya notified about this in organization’s blog. He specified that a technical error occurred during June update of the databases as a result of which confidential information was added to the public Whois database.
In particular, the problem affected the administrative object “Maintainer” that restricts the list of users, who have the right to edit APNIC database. In addition to other data, the information that became public contained hashed passwords that potentially could have been decrypted by criminals. In this case hackers could have made changes themselves in the APNIC database and gained control over entire blocks of IP addresses. Fortunately, there is no evidence at this time that the data has been used for malicious reasons.
Experts at eBay Red Team discovered the breach of confidential data of APNIC. They immediately notified the registry and as quickly as next day the problem was eliminated. APNIC representatives apologized to everyone who could have been affected by the incident.
