Shaun Nichols reports:
ICANN says its website’s user accounts have been compromised by hackers who gained access to their names, email addresses, hashed passwords, and more.
On Wednesday, the domain-name system overlord admitted its server security was breached within the past week: an “unauthorized person” obtained account records, which included harmless info such as site preferences, and newsletter subscriptions, as well as the usernames and passwords.
The passwords were encrypted one-way using the bcrypt algorithm. ICANN has reset people’s passwords, and warns anyone who reused their ICANN.org password on other websites to change their passwords for those accounts immediately, just in case someone cracks the ICANN.org hashes.
Read more on The Register.