After an “unauthorized person” got hold of all the logins and passwords of the ICANN.org website, the organization asks its users to change their passwords.
“ICANN has reason to believe that within the last week, usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person.
There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization.
While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.
These encrypted passwords (hashes) are not easy to reverse, but as a precaution we are requiring that all users reset their passwords.
No operational information, financial data or IANA systems were involved”.