ICANN has taken its registrar contact information database (RADAR) offline temporarily. This action was taken as a precautionary measure after it was learned that an unauthorized party viewed data in the system. ICANN has found no evidence of any unauthorized changes to the data in the system. Although the vulnerability has been corrected, RADAR will remain offline until a thorough review of the system is completed.
ICANN's logs indicate that the data that was accessed in this incident included usernames, email addresses, and hashed passwords. While no actual unencrypted passwords were taken, it is possible for a malicious person with enough computing power to reverse a hashed password, particularly a simple or common one. ICANN has uncovered no evidence that any RADAR accounts were accessed using compromised credentials. All RADAR login credentials have been reset and registrar end-users have been notified.
We apologize for the inconvenience this situation may cause. ICANN is committed to ongoing improvements in security procedures and systems. Registrars requiring additional information should contact firstname.lastname@example.org.