Attack on RIPE NCC Access - Please Enable Two-Factor Authentication
Dear colleagues, Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future. Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them. We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks. We will keep you informed about any relevant developments. If you have noticed any suspicious activity in your RIPE NCC Access account, please contact us immediately at security@ripe.net. Best regards, Ivo Dijkhuis Senior Information Security Officer, RIPE NCC
On 2021-02-18 16:43, RIPE NCC Security wrote:
‘credential-stuffing’
I'm not sure if this works with GDPR and all that jazz but one thing that would be convenient is that I could see from which IP i logged in during, say the last 10 times. Could be displayed on https://access.ripe.net//profile Cheers, -- Bengt Gördén Resilans AB
Ivo & all - it appears that on https://access.ripe.net/ the mentioned link for FreeOTP is somewhat outdated for almost four years now: https://fedorahosted.org/freeotp/ redirects to https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement , where it reads under "Summary": "fedorahosted.org was retired on March 1st, 2017. [...]" Seems that: https://freeotp.github.io/ is the new entry point now - but I haven't checked it out in detail. ATB, -C. On 18.02.2021 16:43, RIPE NCC Security wrote:
Dear colleagues,
Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future.
Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.
We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks.
We will keep you informed about any relevant developments. If you have noticed any suspicious activity in your RIPE NCC Access account, please contact us immediately at security@ripe.net.
Best regards,
Ivo Dijkhuis Senior Information Security Officer, RIPE NCC
Furthermore, at least the Android version of FreeOTP has not seen any updates since five years - which sort of puzzles me wrt. the "validity of the offer". On 19.02.2021 14:56, Carsten Schiefner wrote:
Ivo & all -
it appears that on https://access.ripe.net/ the mentioned link for FreeOTP is somewhat outdated for almost four years now:
https://fedorahosted.org/freeotp/ redirects to https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
, where it reads under "Summary":
"fedorahosted.org was retired on March 1st, 2017. [...]"
Seems that:
is the new entry point now - but I haven't checked it out in detail.
ATB,
-C.
On 18.02.2021 16:43, RIPE NCC Security wrote:
Dear colleagues,
Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future.
Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.
We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks.
We will keep you informed about any relevant developments. If you have noticed any suspicious activity in your RIPE NCC Access account, please contact us immediately at security@ripe.net.
Best regards,
Ivo Dijkhuis Senior Information Security Officer, RIPE NCC
participants (3)
-
Bengt Gördén
-
Carsten Schiefner
-
RIPE NCC Security