ICANN in a statement(PDF) said that the security issue affected the New gTLD Applicant and GDD (Global Domains Division) portals. ICANN said that these portals contain information on New gTLD Program applicants and registry operators and were supposed to be only accessible to applicants and operators to carry out evaluation and contracting processes. ICANN said a authorised user had informed them that these portals contained a vulnerability which could have allow an authenticated user to view the data of other users. ICANN also said it had addressed the bug and restored access to the portals on March 2. Further it sated that it had no evidence to suggest that the vulnerability had been exploited by any third party thus far. A1: An issue was reported that could potentially affect users of the New gTLD Applicant and GDD (Global Domains Division) portals. Under certain circumstances, an authenticated portal user could potentially view data of, or related to, other users. Access to, and data in, these portals is limited to New gTLD Program applicants and New gTLD registry operators. This is the second time, ICANN had to go public with the security issue. Back in Decmeber, 2014 ICANN had suffered a spear phishing attack resulting in attackers gaining administrative access to some of its’s systems, including its Centralized Zone Data Service (CZDS).
