Domain Name News

ICANN new TLD Application System may have shown data from other applicants

Posted: 13 Apr 2012 03:12 PM PDT

According to a statement by ICANN the shutdown of the new TLD Application System (TAS) on what was to be the last day of the application window has been caused by a potential bug that “allowed a limited number of users to view some other users’ file names and user names in certain scenarios“. So ICANN took the system offline and extended the deadline in order to fix the problem, which lead to ample room for speculation for the last minute downtime, ranging from a hacking attack, site performance issues to problems with specific characters in the application System.

[Update] As DomainIncite reports, a new TLD applicant who wishes to remain anonymous had noticed the security in TAS as early as April 9th, 2012 and reported it to ICANN at that time. Apparently it was more than just a security loophole, since the other applicants files showed as attachments on his own application and he could tell which applicant it was and which TLD they were applying for just by looking at the file name.

Application is currently schedule to reopen at 23:59 (not sure which time zone) on April 17th and will close on April 20th, 2012.

See the full statement after the jump.

12 April 2012

We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users’ file names and user names in certain scenarios.

Out of an abundance of caution, we took the system offline to protect applicant data. We are examining how this issue occurred and considering appropriate steps forward.

We apologize for any concern this may have caused and will communicate on a regular basis on our website, which can be found at: http://newgtlds.icann.org

Akram Atallah
Chief Operating Officer
ICANN