APNIC left a dump from its Whois SQL database in a public Google Cloud bucket

2021-06-22 01:08

The Asia Pacific Network Information Centre, the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months.

During that maintenance effort, a dump from APNIC's Whois SQL database was copied to a Google Cloud storage bucket that Sanjaya said "Was believed to be private".

The Deputy DG said the file in the exposed bucket "Contained hashed authentication details for APNIC whois maintainer and IRT objects, and also included some private whois objects that are not visible on APNIC's regular public whois service".

We're told the hashed passwords are used to protect entries in APNIC's Whois database so that only authorised people can make changes to records.

Stakeholders can take some comfort from the fact that the private object data in the dump is only as recent as October 2017, and that APNIC can find no evidence that hashed passwords have been cracked and used to make mischief.

The organisation has also promised to detail the incident, and its aftermath, at its very own APNIC 52 conference in September.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/22/apnic_whois_data_exposed/

#cloud #database #google #googlecloud #SQL #whois

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		141	994	4850	2758	1634	10236

News URL

Related news

Related vendor