NameCheap, a large hosting company and ICANN-accredited registrar that manages around 3 million domains, has reported a large-scale hacker attack. According to NameCheap, systematic attempts to access user accounts were made from many Russia-based IP addresses. NameCheap denies that the company’s networks were hacked. It assumes that the hackers are using account names and passwords stolen earlier from other sources. In particular, according to NameCheap representatives, the attack may be connected to the activity of a mysterious Russian group, CyberVor. In August, Hold Security reported that hackers from that group had stolen the personal data of more than 1.2 billion users by compromising more than 400 thousand sites.
However, there has been no official confirmation of either these giant numbers or of CyberVor itself. There is no evidence that the attack on NameCheap is connected to these events. The only clear thing is that unknown hackers are trying to log into NameCheap user accounts using some list of account names and passwords. A large share of the passwords are incorrect or old; however, in some cases the attempts were successful. NameCheap reports that it is actively blocking the IP addresses involved in the attack. Compromised accounts are also blocked, and corresponding notifications have been sent to their owners. Users of NameCheap services are strongly advised to change their passwords, especially if the same passwords are used on several resources.