Namecheap Hack Contained After Brute Force Attack
Namecheap customers were the victims of a hack this week, as stolen details from other sites were used to log in to user accounts.
According to Matt Russell at Namecheap, the usernames and passwords were probably obtained in August by Russian hackers. The list was obtained by hacking other websites, with multiple sources being pooled to create billions of possible combinations. The details were then used to attempt logins on the Namecheap site.
Security at Namecheap
Rather than using actual login pages, the hackers used software that mimicked real browser login windows to disguise their login attempts. They also had to reduce the list of logins from 4.5 billion since there were so many duplicates.
The hack did not involve any compromised systems at Namecheap, and there is no suggestion that its security is not adequate. However, with 1.2 billion usernames and passwords being tried in a brute force attack, some have inevitably led to successful logins.
Namecheap responded by blocking the IP addresses that were hammering its systems with brute force logins, and it has made those IP addresses available for blocking should other hosts require it. The host has also proactively contacted affected customers to discuss more robust security practices.
There’s little that it could have done to prevent the attack, since the passwords were not acquired from its systems.
The hack is a stark reminder of the importance of creating unique passwords across the web, since using the same username and password combination is a serious security risk if one site is compromised
Hosting customers at Namecheap have the option of enabling two factor authentication on their accounts, and it’s recommended that anyone using the same password on multiple sites should change their password on Namecheap immediately.
Namecheap recommends that users on public wifi networks always connect through a VPN.