Users advised against recycling credentials for valuable accounts

Sep 2, 2014 16:47 GMT

Some users of the services offered by web hosting provider Namecheap have been alerted that credentials for their accounts have been used by third-party individuals to log in.

The company says that no leak occurred on its side as a result of a cyber-attack, and that the group behind the fraudulent activity most likely relied on details available from CyberVor’s database of 1.2 billion records.

CyberVor is a gang from Russia, reported by Milwaukee-based security firm Hold Security to have amassed a collection of 1.2 billion unique credentials linked to 500 million email addresses.

The news made the rounds right before the Black Hat USA presentation sessions, which led many to speculate that it was a publicity stunt designed to increase sales of the company’s products.

Namecheap said in an announcement to its customers that its intrusion detection systems (IDS) flagged an unusually high load on the login servers. An investigation was started, and the experts determined that the credentials came from a third-party source, likely the CyberVor database.

“The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data,” said Matt Russell from Namecheap.

Additional mitigation steps consist of logging the offending IP addresses in order to create blocking rules and export them across the network; this way, fraudulent login attempts from these IPs to any Namecheap system or service will be eliminated.

As for the successful login attempts, the company says that the affected accounts have been secured and that customers are being contacted so that they can increase their protection measures, for example by enabling two-factor authentication (2FA).

Access to a secured account is restored once the owner validates their identity; after this, new credentials will be issued, with a stronger password.
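The detection and response steps described above (spotting the login flood, deriving IP blocking rules, and identifying accounts to secure) can be sketched as follows. This is an added example, not Namecheap's code; the log format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, one attempt per line: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2014-09-01T03:00:01Z 203.0.113.7 alice FAIL
2014-09-01T03:00:01Z 203.0.113.7 bob FAIL
2014-09-01T03:00:02Z 203.0.113.7 carol OK
2014-09-01T03:00:02Z 203.0.113.7 dave FAIL
2014-09-01T03:00:03Z 203.0.113.7 erin FAIL
2014-09-01T03:01:10Z 198.51.100.20 frank FAIL
2014-09-01T03:01:25Z 198.51.100.20 frank OK
2014-09-01T03:02:00Z 192.0.2.55 gina OK
2014-09-01T03:02:05Z 192.0.2.55 hank OK
2014-09-01T03:02:09Z 192.0.2.55 ivan OK
2014-09-01T03:02:30Z 192.0.2.55 judy OK
truncated line without a result
"""

def parse(log):
    """Yield (ip, username, succeeded) and skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def analyze(log, min_users=4, max_success_ratio=0.5):
    """Return (IPs to block, accounts to secure).

    An IP is flagged when it tries many distinct usernames and most attempts
    fail, the pattern of replayed third-party credentials. A shared office NAT
    also shows many usernames, but its logins mostly succeed. Thresholds are
    illustrative assumptions.
    """
    users, ok_users = defaultdict(set), defaultdict(set)
    attempts, ok_count = defaultdict(int), defaultdict(int)
    for ip, user, ok in parse(log):
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            ok_users[ip].add(user)
            ok_count[ip] += 1
    blocked = sorted(ip for ip in users
                     if len(users[ip]) >= min_users
                     and ok_count[ip] / attempts[ip] <= max_success_ratio)
    # Successful logins from a flagged IP mean the replayed password was valid.
    to_secure = sorted({u for ip in blocked for u in ok_users[ip]})
    return blocked, to_secure

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The success-ratio condition is what keeps the shared address `192.0.2.55` off the blocklist even though it also logs in four different users.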

“The hackers are using usernames and passwords being used have been obtained from other sources. These have not been obtained from Namecheap,” Russell stresses.

The investigation revealed that users who recycled their Namecheap credentials on other services were the ones vulnerable.

Anyone adopting this practice is advised to create unique passwords, at least for accounts valuable to them. The incident is fresh, as it occurred on September 1, early in the morning.

Namecheap follows the latest security practices and stores passwords in an encrypted form using the most secure methods. Further protection is given by multiple firewalls and intrusion detection systems, with defense mechanisms being reviewed on a regular basis.