Service announcement: 13 October 2017
Whois ‘Maintainer’ object password reset
Start Time | Friday, 13 October 2017 17:45 (UTC +10) |
End Time | Friday, 13 October 2017 19:00 (UTC +10) |
Duration | 1 hour 15 minutes |
Services affected | APNIC is resetting the Maintainer whois object passwords for all APNIC resource holders. |
Description | Due to a technical error during the upgrade of APNIC’s whois database in June 2017, hashed authentication details for APNIC whois ‘Maintainer’ objects were inadvertently included in downloadable whois data which is released to certain external parties under an Acceptable Use Policy (AUP). Although password details are hashed within Maintainer objects, there is a possibility that passwords could have been derived from the hash. APNIC has fixed the error to prevent this information being included in downloadable feeds, and as a precaution, has reset the Maintainer passwords for all potentially vulnerable whois objects in the APNIC database. APNIC has found no evidence of malicious editing of public whois information as a result of the whois upgrade error. The registered holdings of all APNIC Members and customers are unaffected by this error. The action APNIC has taken to change Maintainer passwords is precautionary, but necessary to ensure the integrity of whois information. Resource holders who have registered their Maintainer password in MyAPNIC do not need to take any action. |
We apologize for the loss of facilities and any inconvenience caused. Should you require assistance in dealing with any problems arising from this outage, please contact the APNIC Helpdesk.