Service announcement: 17 October 2017

Whois IRT object password reset

Start TimeTuesday, 17 October 2017 22:20 (UTC +10)
End TimeTuesday, 17 October 2017 23:00 (UTC +10)
Duration40 minutes
Services affected

APNIC is resetting the IRT whois object passwords for all APNIC resource holders.

Description

Due to a technical error during the upgrade of APNIC’s whois database in June 2017, hashed authentication details for APNIC whois IRT objects were inadvertently included in downloadable whois data which is released to certain external parties under an Acceptable Use Policy.

Although password details are hashed within IRT objects, there is a possibility that passwords could have been derived from the hash.

APNIC has fixed the error to prevent this information being included in downloadable feeds.  As a precaution, APNIC has also reset the IRT passwords for all potentially vulnerable whois objects in the APNIC database.

APNIC has found no evidence of malicious editing of public whois information as a result of the whois upgrade error.  The registered holdings of all APNIC Members and customers are unaffected by this error.

The action APNIC has taken to change IRT passwords is precautionary, but necessary to ensure the integrity of whois information.

We apologize for the loss of facilities and any inconvenience caused. Should you require assistance in dealing with any problems arising from this outage, please contact the APNIC Helpdesk.