ICANN has reason to believe that within the last week, usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person.

These profile accounts contain user preferences for the website, public bios, interests, newsletter subscriptions, etc. There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization. While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.

These encrypted passwords (hashes) are not easy to reverse, but as a precaution we are requiring that all users reset their passwords. When you next visit our site, please go to the login page and click the forgot password link: https://www.icann.org/users/password/new - to create your new password.

Most importantly, if you have used the same password on other websites or services, you should change it immediately on those other websites or services. As a general matter, you should avoid reusing passwords across multiple sites.

No operational information, financial data or IANA systems were involved.

We sincerely regret any inconvenience or concern this incident may cause.