[members-discuss] [ncc-announce] Attack on RIPE NCC Access - Please Enable Two-Factor Authentication

Hi Ivo,

Thanks for the heads up.

It would be usefull if a LIR Admin user in the portal could see if "his"
users have the 2FA enabled. That way I could encourage my colleagues
without 2FA  to enable.

CC: to the members-discuss for feedback on the suggestion. 

mit freundlichen Grüßen

Steffen Weinreich

-- 
Wireless Logic mdex GmbH
Bäckerbarg 6, 22889 Tangstedt, Germany

Am 18.02.21 um 16:49 schrieb Ivo Dijkhuis:

> Dear colleagues,
>
> Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
> affected by what appears to be a deliberate ‘credential-stuffing’
> attack, which caused some downtime. We mitigated the attack, and we are
> now taking steps to ensure that our services are better protected
> against such threats in the future.
>
> Our preliminary investigations do not indicate that any SSO accounts
> have been compromised. If we do find that an account has been affected
> in the course of our investigations, we will contact the account holder
> individually to inform them.
>
> We would like to ask you to enable two-factor authentication on your
> RIPE NCC Access account if you have not already done so to ensure that
> your account is secure. In general, using two-factor authentication
> across all your accounts can help limit your exposure to such attacks.
>
> If you notice any suspicious activity in your RIPE NCC Access account,
> please contact us immediately at <security at ripe.net>.
>
> Best regards,
>
> Ivo Dijkhuis
> Senior Information Security Officer,
> RIPE NCC
>