RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia. It is responsible for allocating blocks of IP addresses to Internet providers, hosting providers, and organizations in the EMEA region.

Membership includes over 20,000 organizations from over 75 countries who act as Local Internet Registries (LIRs) to assign IP address space to other organizations in their own country. 

RIPE NCC hit by a credential stuffing attack

RIPE disclosed today that they suffered a credential stuff attack over the weekend targeting their single sign-on (SSO) service. This SSO service is used to login to all RIPE sites, including My LIR, Resources, RIPE Database, RIPE Labs, RIPEstat, RIPE Atlas, and the RIPE Meeting websites.

“Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime.

“We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future,” RIPE NCC disclosed today in an announcement on their website.

RIPE states that their investigation does not indicate that any of their accounts have been compromised, but they will immediately contact the account holders if any are found.

The RIPE NCC SSO service offers two-factor authentication, which members can enable on their profile page. RIPE urges all users to enable two-factor authentication on their Access accounts to prevent compromise in future credential-stuffing attacks.

RIPE asks any users who detect suspicious activity on their account to contact them immediately.

It is also recommended to use a different password at every site you frequent to prevent leaked credentials from being used in credential stuffing attacks at other websites.