Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts.

RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

The RIPE NCC is a not-for-profit membership association, a Regional Internet Registry and the secretariat for the RIPE community supporting the Internet through technical coordination.

It has over 20,000 members from over 75 countries who act as Local Internet Registries (LIRs) and assign blocks of IP addresses to other organizations in their own country.

The organization mitigated the attack and its investigation confirmed that not SSO accounts have been compromised.

“Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime,” reads a statement published by the organization.  

“We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future. Our preliminary investigations do not indicate that any SSO accounts have been compromised.”

In response to the attack, RIPE is asking all its members to enable two-factor authentication for their Access accounts to protect them from account take over resulting from brute-force-like attacks.

Any users who will detect suspicious activity on their account could report it to RIPE.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, RIPE NCC)

The post Credential stuffing attack hit RIPE NCC: Members have to enable 2FA appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source