BreachExchange mailing list archives
RIPE NCC Internet Registry discloses SSO credential stuffing attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 22 Feb 2021 09:20:00 -0600
https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/ RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia. It is responsible for allocating blocks of IP addresses to Internet providers, hosting providers, and organizations in the EMEA region. Membership includes over 20,000 organizations from over 75 countries who act as Local Internet Registries (LIRs) to assign IP address space to other organizations in their own country. RIPE NCC hit by a credential stuffing attack RIPE disclosed today that they suffered a credential stuff attack over the weekend targeting their single sign-on (SSO) service. This SSO service is used to login to all RIPE sites, including My LIR, Resources, RIPE Database, RIPE Labs, RIPEstat, RIPE Atlas, and the RIPE Meeting websites. "Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. "We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future," RIPE NCC disclosed today in an announcement on their website. RIPE states that their investigation does not indicate that any of their accounts have been compromised, but they will immediately contact the account holders if any are found. The RIPE NCC SSO service offers two-factor authentication, which members can enable on their profile page. RIPE urges all users to enable two-factor authentication on their Access accounts to prevent compromise in future credential-stuffing attacks. RIPE asks any users who detect suspicious activity on their account to contact them immediately. It is also recommended to use a different password at every site you frequent to prevent leaked credentials from being used in credential stuffing attacks at other websites. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- RIPE NCC Internet Registry discloses SSO credential stuffing attack Destry Winant (Feb 22)