SecurityWeek

Namecheap Says Accounts Accessed With Credentials Stolen by Russian Hackers

Domain registrar and Web hosting company Namecheap is warning customers that cybercriminals have been trying to access their accounts by using credentials obtained from third-party websites.

Security firm Hold Security recently reported that Russian hackers managed to obtain 1.2 billion credentials from approximately 420,000 websites. The compromised information can be very useful because many people use the same username and password combinations for multiple online services.

Namecheap believes these 1.2 billion credentials are being utilized by cybercriminals to gain access to its customers’ accounts. The company’s intrusion detection systems picked up a higher-than-usual volume of login attempts shortly after the story broke, indicating that the attackers are likely using this data in an effort to breach accounts. It’s uncertain whether the timing is the only piece of evidence that has led the company to reach this conclusion. Namecheap could not immediately be reached for clarification.

“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts,” Matthew Russell, vice president of hosting at Namecheap, explained in a blog post on Monday.

According to Russell, while most of the login attempts have been unsuccessful, the attackers have managed to gain unauthorized access to some accounts. The company has temporarily secured affected accounts and is working on notifying customers. Those who have been impacted by the cyberattack are instructed to verify their identities, after which they will be provided with new login credentials.

“As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement,” the company official said.
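The response described above (spot sources that walk through a username/password list, block them, and secure any account they got into) can be sketched as log analysis. This is an added example, not Namecheap's code: the log format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: timestamp, source IP, username, outcome.
# IPs come from documentation ranges; none of this is real Namecheap data.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:03 203.0.113.7 carol OK
2024-01-01T10:00:04 203.0.113.7 dave FAIL
2024-01-01T10:00:05 203.0.113.7 erin FAIL
2024-01-01T10:00:06 203.0.113.7 frank FAIL
2024-01-01T10:03:10 198.51.100.20 grace FAIL
2024-01-01T10:03:25 198.51.100.20 grace FAIL
2024-01-01T10:03:40 198.51.100.20 grace OK
2024-01-01T10:05:00 192.0.2.44 heidi OK
"""

def parse(log_text):
    """Yield (ip, user, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _ts, ip, user, outcome = parts
        yield ip, user, outcome == "OK"

def find_stuffing(log_text, min_users=5, min_fail_ratio=0.8):
    """Return (IPs to block, accounts to secure).

    A source is flagged when it tries many distinct usernames and most
    attempts fail. One user retrying their own password touches a single
    username, so they are not flagged. Thresholds are assumed values.
    """
    users, hits = defaultdict(set), defaultdict(set)
    attempts, failures = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log_text):
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            hits[ip].add(user)
        else:
            failures[ip] += 1
    block = sorted(ip for ip in users
                   if len(users[ip]) >= min_users
                   and failures[ip] / attempts[ip] >= min_fail_ratio)
    # Any login that succeeded from a flagged source used a valid stolen pair.
    exposed = sorted({u for ip in block for u in hits[ip]})
    return block, exposed

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

Accounts in the second list are the ones to lock and reset after identity verification, since a successful login from a flagged source means the reused password was valid.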

Russell has clarified that the unauthorized logins are not the result of a security breach at Namecheap. He claims all passwords stored on the company’s systems are encrypted “using the highest security encryption methods.”

The hosting firm is advising customers to enable two-factor authentication on their accounts. In addition, those who have used the same credentials on multiple websites are advised to take action immediately and update their passwords.

Shortly after the world learned about the 1.2 billion compromised credentials, experts warned that such attacks are inevitable.

“The more accounts you have, the more vulnerable you are. The more you share email addresses and passwords across those accounts, the more vulnerable you are,” Jon Heimerl, senior security strategist at Solutionary, told SecurityWeek. “If you are regularly changing passwords the fact that someone has stolen your credentials may not have a huge impact on you. But how many people regularly change all of their passwords?” 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
