Service announcement: 13 October 2017

Whois ‘Maintainer’ object password reset

Start TimeFriday, 13 October 2017 17:45 (UTC +10)
End TimeFriday, 13 October 2017 19:00 (UTC +10)
Duration1 hour 15 minutes
Services affected

APNIC is resetting the Maintainer whois object passwords for all APNIC resource holders.

Description

Due to a technical error during the upgrade of APNIC’s whois database in June 2017, hashed authentication details for APNIC whois ‘Maintainer’ objects were inadvertently included in downloadable whois data which is released to certain external parties under an Acceptable Use Policy (AUP).

Although password details are hashed within Maintainer objects, there is a possibility that passwords could have been derived from the hash.

APNIC has fixed the error to prevent this information being included in downloadable feeds, and as a precaution, has reset the Maintainer passwords for all potentially vulnerable whois objects in the APNIC database.

APNIC has found no evidence of malicious editing of public whois information as a result of the whois upgrade error. The registered holdings of all APNIC Members and customers are unaffected by this error.

The action APNIC has taken to change Maintainer passwords is precautionary, but necessary to ensure the integrity of whois information.

Resource holders who have registered their Maintainer password in MyAPNIC do not need to take any action.

We apologize for the loss of facilities and any inconvenience caused. Should you require assistance in dealing with any problems arising from this outage, please contact the APNIC Helpdesk.