Russian hackers have been using a harvest of passwords which were nicked during a huge raid earlier this year to break into Namecheap.com accounts.
CyberVors based in south central Russia quietly stole 4.5 billion username and password combinations. These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world.
Now, according to Namecheap, its intrusion detection systems alerted it to a much higher than normal load against its login systems.
Upon investigation, the company determined that username and password data gathered from third-party sites, likely the hacker data, is being used to access Namecheap.com accounts.
The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts.
So far, the majority of these login attempts have been unsuccessful, as the data is incorrect or old and passwords have been changed. However, the company said it was blocking the IP addresses that appear to be logging in with the stolen password data.
“We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement,” the company said.
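A defender-side sketch of the detection described above, added here as an illustration and not Namecheap's own code: it flags source IPs that try many distinct accounts and mostly fail, and lists the accounts that did log in from such an IP so they can be reviewed. The event format, thresholds and sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample login events: (source IP, username, login succeeded).
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", i == 17) for i in range(40)]
    + [("198.51.100.4", "alice@example.com", False)] * 3   # forgetful user
    + [("198.51.100.4", "alice@example.com", True)]
    + [("192.0.2.9", "bob@example.com", True)]
)


def flag_stuffing_sources(events, min_accounts=20, min_failure_ratio=0.9):
    """Return stats for IPs that try many distinct accounts and mostly fail.

    One user mistyping a password hits a single account; a stolen-list replay
    touches many accounts from one source and fails on most of them.
    Thresholds are hypothetical and would be tuned to real traffic.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0,
                                  "failures": 0, "successes": set()})
    for ip, user, ok in events:
        stats = per_ip[ip]
        user = user.lower()
        stats["users"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["successes"].add(user)
        else:
            stats["failures"] += 1

    flagged = {}
    for ip, stats in per_ip.items():
        ratio = stats["failures"] / stats["attempts"]
        if len(stats["users"]) >= min_accounts and ratio >= min_failure_ratio:
            flagged[ip] = {
                "distinct_accounts": len(stats["users"]),
                "failures": stats["failures"],
                "failure_ratio": round(ratio, 3),
                # Logins that worked from a flagged source need review/reset.
                "accounts_to_reset": sorted(stats["successes"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```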