In a post on its corporate blog, Namecheap.com, the domain name registrar, announced it found an attack overnight and blocked over 30,000 IP’s that were attempting to gather the “username and password data gathered from third party sites that were trying to be used to try and gain access to Namecheap.com accounts.”
This is different than most attacks because Namecheap was not the target of the hackers, meaning that the hackers were not trying to get the user information from Namecheap, but from other sites and then attempted to use the information to login to Namecheap.com accounts.
“To be clear this is not a Namecheap security issue, this is an internet security issue”, Richard Kirkendall the Founder and CEO of NameCheap.com, told TheDomains.com exclusively, Rick went on to say “these are passwords harvested from other compromised databases, we were never breached”
The good news is that Namecheap found the attack early and took measures to defeat the attempt to log into NameCheap accounts, the bad news is this is not just a security issue for Namecheap but seems to be along the lines of the groups of Russian Hackers which gained access to hundreds of thousands of email accounts and millions of user Id’s and passwords last month so its an issue for all Internet Users
You can read The Register’s full report on on the Russian Hackers here.
“These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world”
Here is some more information on the attack that Namecheap.com posted on its blog:
“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts.
The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data.
We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.
While the vast majority of these logins are unsuccessful, some have been successful.
To combat this, we’ve temporarily secured the Namecheap accounts that have been affected and are currently contacting customers involved requesting they improve the security for these accounts.
If you receive an email alert from us stating that your account has temporarily been secured, don’t worry. We’ve proactively taken this step as a security measure to help defend you against this attack. We will need you to verify your identity to us and we will then issue you with new login credentials, including a new, stronger password.
Once verified, you will regain access to your Namecheap account.
“”I must reiterate this is not a security breach at Namecheap, nor a hack against us. The hackers are using usernames and passwords being used have been obtained from other sources. “”
“”These have not been obtained from Namecheap. But these usernames and passwords that the hackers now have are being used to try and login to Namecheap accounts.””
“”Our early investigation shows that those users who use the same password for their Namecheap account that are used on other websites are the ones who are vulnerable.””
If you haven’t been affected by this but you know that you use the same username and password on multiple websites including Namecheap, now is a very good time to go in and update your password to something more secure.
This attack serves as a timely reminder that as netizens, we constantly face new and evolving security threats. There are groups out there whose sole intent is to steal our identity, gain access to our bank or credit card information or defraud us. And this is a problem that isn’t going to disappear any time soon.
“We hope this serves as a both warning and heads up to other service providers and anyone that guards customer data that you too may be at risk from this mass of compromised account data.””
nice action from NameCheap. However, they are too much eager to discard any responsibility in the event and to focus on third party systems but the fact is hackers tried to hack into namecheap accounts because they don’t put a captcha to prevent automated login requests…
Maybe because a captcha isn’t necessary, more so if it needlessly inconveniences enough users to complain to NameCheap about it.
Besides, other registrars such as Dynadot, Name.com and even Go Daddy don’t use a catpcha as I just checked.
sure, it is inconvenient but if you try to login and fail you should be offered a cpactha.
this is the current state of the art to address this security issue. and namecheap has this secutiry issue for not implementing it.
At least, NameCheap is currently the only registrar who reported such a security issue from their side. Who knows if a similar thing happened at other registrars?
Anyway, NameCheap will decide for themselves what option is sufficient for security despite what other people think. Security and convenience are two of the numerous things every registrar, like pretty much every other business or individual, will balance.
i never said the contrary. the problem is instead of simply communicating to the world that they have detected the attack they took it a big step further trying to show how great security they are when they are in fact revealing a security issue. yes, some other registrars have the same problem too. others do not. that is not the point.
A bit late since I just saw your comment, and not to seem dense, but…why is that a problem? NameCheap’s CEO emphasized this thing isn’t a security issue with them, but the Internet in general. Not to mention that some (if not many) people demand transparency, which NameCheap apparently saw fit to be despite how this’ll make them look to other folks.
Anyway, you’ll be fine if you’re not using NameCheap. Just maybe hope that whoever registrar you use is equally, if not just as, transparent on issue/s serious enough to affect you.
again, nothing against namecheap being transparent in coming to the public with this situation. but they did not come to show they are being open to the security issues but instead to show that they have a great security (the problem is with other third parties). this is pure marketing stuff, not security transparency.
if they want to be seen as security minded then they could say that they consider that providing a login without any kind of failed account limit testing is a potential security issue that they will mitigate in a near future, even if this particular situation is not a security problem of them at its root.
one point should be clear: there is no question whatsoever in this being a security issue. i don’t want some guy trying to run an automated script against namecheap’s login page without any method to block or at least delay these attempts. the fact some other registrars don’t have also this measure is not an excuse. i could as easily say that they had also experienced this attack but did not revealed to the public because they thought that there was no security issue on their side and there was no point in making a statement for something that had nothing to do with them.