The Hosting Awards

web hosting awards, news, & reviews

Namecheap Hack Contained After Brute Force Attack

By In Web Hosting On September 30, 2014

Namecheap customers were the victims of a hack this week, as stolen details from other sites were used to log in to user accounts.

According to Matt Russell at Namecheap, the usernames and passwords were probably obtained in August by Russian hackers. The list was obtained by hacking other websites, with multiple sources being pooled to create billions of possible combinations. The details were then used to attempt logins on the Namecheap site.

Security at Namecheap

Rather than using actual login pages, the hackers used software that mimicked real browser login windows to disguise their login attempts. They also had to reduce the list of logins from 4.5 billion since there were so many duplicates.

The hack did not involve any compromised systems at Namecheap, and there is no suggestion that its security is not adequate. However, with 1.2 billion usernames and passwords being tried in a brute force attack, some have inevitably led to successful logins.

Namecheap responded by blocking the IP addresses that were hammering its systems with brute force logins, and it has made those IP addresses available for blocking should other hosts require it. The host has also proactively contacted affected customers to discuss more robust security practices.
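Blocking the offending addresses and contacting affected customers both depend on telling replayed credential lists apart from ordinary failed logins. The sketch below is an added example, not Namecheap's code: the event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample login events: (source_ip, username, success).
    Addresses are documentation ranges; none come from the incident."""
    events = []
    # One source tries 40 different usernames once each; two happen to work.
    for i in range(40):
        events.append(("203.0.113.7", f"user{i}", i in (5, 22)))
    # A customer mistypes a password twice, then logs in.
    events += [("198.51.100.20", "alice", False),
               ("198.51.100.20", "alice", False),
               ("198.51.100.20", "alice", True)]
    # An office NAT address: a few users, all successful.
    for name in ("bob", "carol", "dave"):
        events.append(("192.0.2.50", name, True))
    return events

def summarize(events):
    """Per source IP: attempts, failures, distinct usernames, accounts logged into."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                 "users": set(), "hits": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)
        else:
            s["failures"] += 1
    return stats

def flag_sources(events, min_users=20, min_fail_ratio=0.8):
    """Return {ip: accounts_to_review} for sources that look like credential-list
    replay: many distinct usernames, mostly failing. Thresholds are assumed values."""
    flagged = {}
    for ip, s in summarize(events).items():
        fail_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and fail_ratio >= min_fail_ratio:
            # Successful logins from a flagged source used a reused password:
            # these are the accounts to lock and the customers to contact.
            flagged[ip] = sorted(s["hits"])
    return flagged

if __name__ == "__main__":
    for ip, accounts in flag_sources(build_sample_events()).items():
        print(f"block {ip}; review accounts: {', '.join(accounts)}")
```

Counting distinct usernames per source, rather than failures per account, is what catches this pattern: each account sees only one attempt, so per-account lockout never triggers.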

There’s little that it could have done to prevent the attack, since the passwords were not acquired from its systems.

Best Practice

The hack is a stark reminder of the importance of creating unique passwords across the web, since using the same username and password combination is a serious security risk if one site is compromised.

Hosting customers at Namecheap have the option of enabling two-factor authentication on their accounts, and it’s recommended that anyone using the same password on multiple sites should change their password on Namecheap immediately.

Namecheap recommends that users on public Wi-Fi networks always connect through a VPN.
