Asia's Network Information Centre Exposed Its Whois Database in a Google Cloud Bucket

The Asia Pacific Network Information Centre (APNIC) disclosed that the database, which contained sensitive information, was left exposed publicly for three months.

APNIC’s Deputy Director General Sanjay Sanjaya said the issue was caused by a configuration error that occurred during routine maintenance work on one of the company’s servers.

A dump from the Whois SQL database was copied over to a Google Cloud storage bucket, which was later found to be exposed to the public.
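A check a defender could run against their own buckets for this kind of exposure, as an added example that is not APNIC's tooling or part of the original report. It assumes bucket metadata and IAM policy have been exported as JSON in the Cloud Storage API's shape. The report does not say how the bucket was opened, so both IAM bindings and legacy ACLs are checked; bucket names and members below are constructed.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample input: bucket metadata plus IAM policy, in the JSON shape
# of the Cloud Storage API. Bucket names and members are made up.
SAMPLE = json.loads("""[
 {"bucket": {"name": "example-db-dumps",
             "iamConfiguration": {"publicAccessPrevention": "inherited"}},
  "policy": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:ops@example.org"]}]}},
 {"bucket": {"name": "example-locked",
             "iamConfiguration": {"publicAccessPrevention": "enforced"},
             "logging": {"logBucket": "example-logs"}},
  "policy": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allAuthenticatedUsers"]}]}},
 {"bucket": {"name": "example-legacy-acl",
             "acl": [{"entity": "allUsers", "role": "READER"}],
             "logging": {"logBucket": "example-logs"}},
  "policy": {"bindings": []}}
]""")

def public_grants(bucket, policy):
    """List every grant to the public, from IAM bindings and legacy bucket ACLs."""
    grants = [("iam", b["role"], m)
              for b in policy.get("bindings", [])
              for m in b.get("members", []) if m in PUBLIC]
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    if not ubla.get("enabled", False):  # ACLs only apply without uniform access
        grants += [("acl", a["role"], a["entity"])
                   for a in bucket.get("acl", []) if a.get("entity") in PUBLIC]
    return grants

def audit(entry):
    bucket, policy = entry["bucket"], entry.get("policy", {})
    grants = public_grants(bucket, policy)
    pap = bucket.get("iamConfiguration", {}).get("publicAccessPrevention", "inherited")
    if not grants:
        status = "private"
    elif pap == "enforced":
        status = "blocked"   # grants exist but public access prevention overrides them
    else:
        status = "exposed"   # "inherited" defers to org policy, unseen here: assume worst
    return {"bucket": bucket["name"], "status": status, "grants": grants,
            "usage_logging": "logging" in bucket}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry))
```

The `usage_logging` flag marks buckets with no usage log destination configured, the gap that leaves a question like "was the data accessed?" unanswerable after the fact.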

“It is not known if the data was accessed, as complete log files are not available. However, initial investigations reveal no sign of suspicious update activity,” Sanjaya stated.

Although it is not yet clear if the data was accessed, the initial investigations suggest that there is no sign of suspicious activity.

Sanjaya said the exposed bucket “contained hashed authentication details for APNIC whois maintainer and IRT objects, and also included some private whois objects that are not visible on APNIC’s regular public whois service”.

The hashed passwords are used to prevent unauthorized people from accessing APNIC’s Whois database. Sanjaya also explained that IRT objects contain “contact information for an organization’s administrators responsible for receiving reports of network abuse activities”. The contents of the private objects vary, as they include comments added by resource holders. But the internal review found that the database predominantly contains corporate contact details, APNIC assured.

The company says it has reset passwords, apologized, and taken steps to prevent any future issues.

The organization also pointed out that the data exposed belonged to only a small group of users and concerned maintainers, and that users of MyAPNIC did not need to change their passwords.

The public should not worry, as the data in the dump dates up to October 2017, and there is no evidence that hashed passwords have been cracked.

The organization has also promised to detail its response to the incident, and the aftermath, at its next conference, APNIC 52, in September.

About the author

CIM Team
