Security News > 2021 > June > APNIC left a dump from its Whois SQL database in a public Google Cloud bucket
The Asia Pacific Network Information Centre, the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months.
During that maintenance effort, a dump from APNIC's Whois SQL database was copied to a Google Cloud storage bucket that Sanjaya said "Was believed to be private".
The Deputy DG said the file in the exposed bucket "Contained hashed authentication details for APNIC whois maintainer and IRT objects, and also included some private whois objects that are not visible on APNIC's regular public whois service".
We're told the hashed passwords are used to protect entries in APNIC's Whois database so that only authorised people can make changes to records.
Stakeholders can take some comfort from the fact that the private object data in the dump is only as recent as October 2017, and that APNIC can find no evidence that hashed passwords have been cracked and used to make mischief.
The organisation has also promised to detail the incident, and its aftermath, at its very own APNIC 52 conference in September.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/22/apnic_whois_data_exposed/
Related news
- Google Cloud to make MFA mandatory by the end of 2025 (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- All Google Cloud users will have to enable MFA by 2025 (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)