Security incident on the CENTR website

You may have noticed that the CENTR website was down between Friday 1st November and Wednesday 6 November.

CENTR is the Council of European National Top-Level Domain Registries.

What Happened

We discovered on Friday 1st November that a third party had managed to access the www.centr.org website and obtain a user list which they shared on Twitter on 25 October. This list included names, email addresses and hashed passwords. Fortunately, according to the web server error log files, this is the only data that was compromised.

What we have done

We disabled the website as soon as we discovered the incident, notified our members immediately, and started investigating exactly how the hackers entered the system. Once the access breach was fixed and we were certain the website was safe, we overwrote the existing passwords with dummy data and implemented a stricter password policy before putting the website online again.

Finally, we informed anyone with a user account that their passwords had been overwritten, asking them to reset their passwords. Furthermore, the Data Protection Authority has been alerted to this data breach.

Next steps

The gravity of this situation cannot be overlooked and so we will continue to work closely with our web developers, hosting provider and security experts from our membership to help understand exactly how this happened and how to prevent it from happening again.

We ask that anyone who has a user account on the CENTR website be mindful of proper password security, and that they follow the recommendations included in the email sent out last Wednesday.

For more information please contact the CENTR Secretariat by email, secretariat@centr.org.

About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and now live in Athens, Greece. I love domains and building websites. I have been online since 1995, learned about HTML in 1996 and about domains in 2002. I started publishing the OnlineDomain.com blog in 2012.
