Dear colleagues, 

We have published a report on our findings and actions taken following an investigation into a security breach concerning RIPE NCC Access, our Single Sign-On system. This report follows the last update that we shared with you in January this year [1].

Since the launch of the investigation, we have made two-factor authentication mandatory for all RIPE NCC Access accounts, strengthened password requirements, improved monitoring for leaked credentials and automated the process of resetting passwords for any credentials found in data breaches.

Read the full report at: 

https://www.ripe.net/support/documentation/disclosures-and-reports/ripe-ncc-access-security-investigation-report/

We further recommend that members follow our security recommendations:

• Please restrict account access to necessary personnel only

• Follow password security best practices

• Actively monitor data breaches for your own credentials

If you have any concerns about the security of your RIPE NCC Access account, please contact us at ncc@ripe.net.

Regards,

Hans Petter Holen,

CEO and Managing Director

RIPE NCC

[1] https://www.ripe.net/ripe/mail/archives/ncc-announce/2024-January/001695.html