As ICANN reported on 16 December 2014, it was recently the target of a so-called “spear phishing” attack. During this attack the email credentials of some ICANN staff were compromised by hackers.
“As mentioned in our original announcement, we have confirmed that the attack has not impacted any IANA-related systems. The ICANN staff members whose passwords were compromised did not have access to the IANA functions systems.
The IANA functions are a separate system with additional security measures that have not been breached.
During and after the attack, all critical functions hosted by hosted by ICANN, including the IANA functions, remained fully operational and unaffected by the attacker’s activities.
ICANN employs multiple levels of protection for its most critical services. While the attackers were able to breach the outermost layer of defenses, our on-going investigation indicates our most critical systems were not affected.