ICANN, again, exposes domain applicants' info

The Internet Corporation for Assigned Names and Numbers, which recently published nearly 2,000 applications for new generic top-level domains, might not be applying for a spot on a new .secure domain.

In posting the applications on what it called Reveal Day, June 13, ICANN also accidentally published the home addresses of some of the applicants, which forced ICANN to take the applications offline for a while before restoring them June 15.

That followed a glitch in April, during the application process, that exposed information on 105 applicants to some other applicants and forced ICANN to shut down the online application system for six weeks.

Related coverage:

Google, Amazon – and conflicts – dominate potential new Internet domains

105 Top Level Domain applicants had info exposed

In a posting on its site, ICANN said the contact information was not supposed to be published and apologized for the “oversight.”

Each application had 50 questions, only 30 of which ICANN intended to publish, according to a report in The Register. But the full contact information, including some home addresses, of each applicant’s primary and secondary contacts wound up on the site.

Whether either mistake constitutes a major breach is probably in the eye of the applicants whose information was exposed, but it does constitute an embarrassment for ICANN. And the organization likely didn’t score points with the companies applying for domains intended to be secure.

Three applicants, including Fern Trail, Defender Security and Symantec, applied for the .security domain. And two, Amazon and Artemis Internet, applied for .secure.

Artemis, a start-up Internet registry, had already announced its application for .secure and said it would enforce rigorous security standards for any organization in that domain. “If you are not in compliance, we will turn your site off until you fix it,” Alex Stamos, the company’s chief technology officer, told GCN.

Luckily for ICANN, there will always be .org.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected