Namecheap Says Accounts Accessed With Credentials Stolen by Russian Hackers

Domain registrar and Web hosting company Namecheap is warning customers that cybercriminals have been trying to access their accounts by using credentials obtained from third-party websites.

Security firm Hold Security recently reported that Russian hackers managed to obtain 1.2 billion credentials from approximately 420,000 websites. The compromised information can be very useful because many people use the same username and password combinations for multiple online services.

Namecheap believes these 1.2 billion credentials are being used by cybercriminals to gain access to its customers' accounts. The company's intrusion detection systems picked up a higher-than-usual volume of login attempts shortly after the story broke, indicating that the attackers are likely using this data in an effort to breach accounts. It's uncertain whether the timing is the only piece of evidence that has led the company to reach this conclusion. Namecheap could not immediately be reached for clarification.

"The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts," Matthew Russell, vice president of hosting at Namecheap, explained in a blog post on Monday.

According to Russell, while most of the login attempts have been unsuccessful, the attackers have managed to gain unauthorized access to some accounts. The company has temporarily secured affected accounts and is working on notifying customers. Those who have been impacted by the cyberattack are instructed to verify their identities, after which they will be provided with new login credentials.

"As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement," the company official said.
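The pattern described above (one source working through a list of many usernames, most attempts failing, a few succeeding) can be separated from ordinary failed logins in authentication logs. The following is an added example, not code from Namecheap or from this article; the log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (not Namecheap data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2014-09-01T10:00:01 203.0.113.7 alice FAIL
2014-09-01T10:00:02 203.0.113.7 bob FAIL
2014-09-01T10:00:03 203.0.113.7 carol FAIL
2014-09-01T10:00:04 203.0.113.7 dave FAIL
2014-09-01T10:00:05 203.0.113.7 erin FAIL
2014-09-01T10:00:06 203.0.113.7 frank OK
2014-09-01T10:01:10 198.51.100.20 bob FAIL
2014-09-01T10:01:25 198.51.100.20 bob FAIL
2014-09-01T10:01:40 198.51.100.20 bob OK
2014-09-01T10:02:00 192.0.2.5 carol OK
truncated line
"""

def parse(log):
    """Yield (ip, username, succeeded) per well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing_sources(log, min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to the accounts it logged in to.

    Suspicious: at least min_users distinct usernames tried and at least
    min_fail_ratio of attempts failed. A user retrying a forgotten password
    also fails often, but against a single username.
    """
    users, hits = defaultdict(set), defaultdict(set)
    attempts, failures = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log):
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            hits[ip].add(user)
        else:
            failures[ip] += 1
    return {
        ip: sorted(hits[ip])  # accounts to secure pending identity verification
        for ip in users
        if len(users[ip]) >= min_users
        and failures[ip] / attempts[ip] >= min_fail_ratio
    }

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"block {ip}; secure accounts: {accounts}")
```

The returned account list matters as much as the IP: a successful login from a flagged source is an account to lock and reset, which blocking the address alone does not address.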

Russell has clarified that the unauthorized logins are not the result of a security breach at Namecheap. He claims all passwords stored on the company's systems are encrypted "using the highest security encryption methods."

The hosting firm is advising customers to enable two-factor authentication on their accounts. In addition, those who have used the same credentials on multiple websites are advised to take action immediately and update their passwords.

Shortly after the world learned about the 1.2 billion compromised credentials, experts warned that such attacks are inevitable.

"The more accounts you have, the more vulnerable you are. The more you share email addresses and passwords across those accounts, the more vulnerable you are," Jon Heimerl, senior security strategist at Solutionary, told SecurityWeek. "If you are regularly changing passwords the fact that someone has stolen your credentials may not have a huge impact on you. But how many people regularly change all of their passwords?" 

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.