TRENDING:

Namecheap Hacks Tied to CyberVor?

Domain-Hosting Provider Reports Unauthorized Log-Ins Jeffrey Roman (gen_sec) • September 2, 2014    
Namecheap Hacks Tied to CyberVor?

Domain-hosting provider Namecheap says recent unauthorized log-ins to customer accounts likely stemmed from the CyberVor incident, where Russian hackers pilfered more than 1.2 billion credentials (see: CyberVor Update: Hold Security Responds).

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

Namecheap says that its intrusion detection systems recently detected much higher than normal activity on its log-in systems. "Upon investigation, we determined that the username and password data gathered from third-party sites, likely the data identified [in the CyberVor incident], is being used to try and gain access to Namecheap.com accounts," says Matt Russell, vice president of hosting at Namecheap, in a Sept. 1 blog.

A majority of the log-in attempts have been unsuccessful, Russell says, because the data is incorrect or old and passwords have been changed. Namecheap is blocking the IP addresses that appear to be logging in with the stolen password data, Russell says.

But some of the attacks have been successful, which prompted Namecheap to contact customers to request that they improve the security of those accounts.

Russell stressed in his blog that Namecheap was not breached. "Usernames and passwords being used [by the hackers] have been obtained from other sources," he says. "These have not been obtained from Namecheap."

The domain-hosting provider did not immediately respond to a request for additional information, including how many of its clients were affected.

CyberVor Incident

News of the CyberVor mega-breach was first reported Aug. 5, when the security vendor Hold Security said a Russian cyber allegedly amassed more than 4.5 billion credentials (see: Security Firm: 1.2 Billion Credentials Hacked). Of those credentials, 1.2 billion appeared to be unique and tied to more than a half-billion e-mail addresses.

But the warning prompted security critics to ask several questions, including why Hold Security wasn't naming which sites had been breached and whether the report was just a marketing exercise.

Previous
Mobile Banking: Evolved Services, Risks
Next
Update: Home Depot Breach Investigation

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.