Domain name registrar Namecheap has claimed to have suffered a security incident at the hands of the Russian hackers CyberVor.
After its intrusion detection systems alerted it to a “much higher than normal load against our login systems”, it determined that the collection of stolen credentials detailed last month were to blame. In a statement it said that, upon investigation, it determined that the username and password data was gathered from third party sites, and was likely that the data identified was used to try and gain access to Namecheap.com accounts.
Vice president of hosting at Namecheap Matt Russell, said: “The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts.
“The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.”
However he said that, while the vast majority of the logins are unsuccessful, some have been successful and it has temporarily secured affected Namecheap accounts and is currently contacting customers involved.
He said: “I must reiterate this is not a security breach at Namecheap, nor a hack against us. The hackers are using usernames and passwords being used have been obtained from other sources. These have not been obtained from Namecheap. But these usernames and passwords that the hackers now have are being used to try and login to Namecheap accounts.”
He also confirmed that initial investigation reports show that those users who use the same password for their Namecheap account as on other websites are vulnerable. “If you haven’t been affected by this but you know that you use the same username and password on multiple websites including Namecheap, now is a very good time to go in and update your password to something more secure,” he said.
“This attack serves as a timely reminder that as netizens, we constantly face new and evolving security threats. There are groups out there whose sole intent is to steal our identity, gain access to our bank or credit card information or defraud us. And this is a problem that isn’t going to disappear any time soon.”