Security Experts:

Connect with us

Hi, what are you looking for?



Namecheap Says Accounts Accessed With Credentials Stolen by Russian Hackers

Domain registrar and Web hosting company Namecheap is warning customers that cybercriminals have been trying to access their accounts by using credentials obtained from third party websites.

Domain registrar and Web hosting company Namecheap is warning customers that cybercriminals have been trying to access their accounts by using credentials obtained from third party websites.

Security firm Hold Security recently reported that Russian hackers managed to obtain 1.2 billion credentials from approximately 420,000 websites. The compromised information can be very useful because many people use the same username and password combinations for multiple online services.

Namecheap believes these 1.2 billion credentials are being utilized by cybercriminals to gain access to their customers’ accounts. The company’s intrusion detection systems picked up a higher than usual volume of login attempts shortly after the story broke, indicating that the attackers are likely using this data in an effort to breach accounts. It’s uncertain if the timing is the only piece of evidence that has led the company to reach this conclusion. Namecheap could not immediately be reached for clarifications.

“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts,” Matthew Russell, vice president of hosting at Namecheap, explained in a blog post on Monday.

According to Russell, while most of the login attempts have been unsuccessful, the attackers have managed to gain unauthorized access to some accounts. The company has temporarily secured affected accounts and is working on notifying customers. Those who have been impacted by the cyberattack are instructed to verify their identities, after which they will be provided with new login credentials.

“As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement,” the company official said.

Russell has clarified that the unauthorized logins are not the result of a security breach at Namecheap. He claims all passwords stored on the company’s systems are encrypted “using the highest security encryption methods.”

The hosting firm is advising customers to enable two-factor authentication on their accounts. In addition, those who have used the same credentials on multiple websites are advised to take action immediately and update their passwords.

Shortly after the world learned about the 1.2 billion compromised credentials, experts warned that such attacks are inevitable.

“The more accounts you have, the more vulnerable you are. The more you share email addresses and passwords across those accounts, the more vulnerable you are,” Jon Heimerl, senior security strategist at Solutionary, told SecurityWeek. “If you are regularly changing passwords the fact that someone has stolen your credentials may not have a huge impact on you. But how many people regularly change all of their passwords?” 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...