Namecheap Hacks Tied to CyberVor?

Domain-Hosting Provider Reports Unauthorized Log-Ins

Domain-hosting provider Namecheap says recent unauthorized log-ins to customer accounts likely stemmed from the CyberVor incident, where Russian hackers pilfered more than 1.2 billion credentials (see: CyberVor Update: Hold Security Responds).

Namecheap says that its intrusion detection systems recently detected much higher than normal activity on its log-in systems. "Upon investigation, we determined that the username and password data gathered from third-party sites, likely the data identified [in the CyberVor incident], is being used to try and gain access to accounts," says Matt Russell, vice president of hosting at Namecheap, in a Sept. 1 blog.

A majority of the log-in attempts have been unsuccessful, Russell says, because the data is incorrect or old and passwords have been changed. Namecheap is blocking the IP addresses that appear to be logging in with the stolen password data, Russell says.

But some of the attacks have been successful, which prompted Namecheap to contact customers to request that they improve the security of those accounts.

Russell stressed in his blog that Namecheap was not breached. "Usernames and passwords being used [by the hackers] have been obtained from other sources," he says. "These have not been obtained from Namecheap."

The domain-hosting provider did not immediately respond to a request for additional information, including how many of its clients were affected.

CyberVor Incident

News of the CyberVor mega-breach was first reported Aug. 5, when the security vendor Hold Security said a Russian cyber gang allegedly amassed more than 4.5 billion credentials (see: Security Firm: 1.2 Billion Credentials Hacked). Of those credentials, 1.2 billion appeared to be unique and tied to more than a half-billion e-mail addresses.

But the warning prompted security critics to ask several questions, including why Hold Security wasn't naming which sites had been breached and whether the report was just a marketing exercise.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
