BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

RIPE NCC Internet Registry discloses SSO credential stuffing attack

From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 22 Feb 2021 09:20:00 -0600
https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/

 RIPE NCC is warning members that they suffered a credential stuffing
attack attempting to gain access to single sign-on (SSO) accounts.

RIPE NCC is a not-for-profit regional Internet registry for Europe,
the Middle East, and parts of Central Asia. It is responsible for
allocating blocks of IP addresses to Internet providers, hosting
providers, and organizations in the EMEA region.

Membership includes over 20,000 organizations from over 75 countries
who act as Local Internet Registries (LIRs) to assign IP address space
to other organizations in their own country.

RIPE NCC hit by a credential stuffing attack

RIPE disclosed today that they suffered a credential stuff attack over
the weekend targeting their single sign-on (SSO) service. This SSO
service is used to login to all RIPE sites, including My LIR,
Resources, RIPE Database, RIPE Labs, RIPEstat, RIPE Atlas, and the
RIPE Meeting websites.

"Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
affected by what appears to be a deliberate ‘credential-stuffing’
attack, which caused some downtime.

"We mitigated the attack, and we are now taking steps to ensure that
our services are better protected against such threats in the future,"
RIPE NCC disclosed today in an announcement on their website.

RIPE states that their investigation does not indicate that any of
their accounts have been compromised, but they will immediately
contact the account holders if any are found.

The RIPE NCC SSO service offers two-factor authentication, which
members can enable on their profile page. RIPE urges all users to
enable two-factor authentication on their Access accounts to prevent
compromise in future credential-stuffing attacks.

RIPE asks any users who detect suspicious activity on their account to
contact them immediately.

It is also recommended to use a different password at every site you
frequent to prevent leaked credentials from being used in credential
stuffing attacks at other websites.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange
Previous By Date Next
Previous By Thread Next

Current thread: