In early December 2014 ICANN discovered that the compromised credentials were used to access other ICANN systems besides email, including the Centralized Zone Data System (czds.icann.org). The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, ICANN has deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org.
Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal. No impact was found to either of these systems.