It’s Labor Day here in the US, so it’s not a great day for companies to share important news, but it is important that you see this Namecheap security warning, even if you do not use the company as your domain name registrar. This issue seems like it has the potential to impact domain investors as well as others who own domain names. It may also be impacting other accounts as well.
Please read this important security update regarding a previous breach that may impact you on Namecheap+elsewhere: http://t.co/aDIffisjAH
— Namecheap.com (@Namecheap) September 1, 2014
From a blog post on the Namecheap company blog, entitled “Urgent security warning that may affect all internet users,” the company stated:
Back in August, The Register reported that the largest ever quotient of email addresses, usernames and passwords had been put together by groups of Russian hackers. You can read their full report on this here.
These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world.
Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. Upon investigation, we determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts.
Namecheap shared more information about this potential issue, and the company also shared information about what it is doing to help its customers. I think it is critical that you read the blog post in its entirety and perhaps you can use this quiet day to be sure your domain name accounts are securely protected as best as possible.
Namecheap is one of the largest domain name registrars, and the company warned that this “may affect all internet users.” I would imagine that something like this could be happening at other domain name registrars, too. It may also happen to email service providers, domain parking accounts, aftermarket website accounts, and other private accounts. This is the primary reason why I am sharing this warning with you rather than simply retweeting or posting something socially. It’s easy to brush it off as something that will impact others, but that may not be true.
At the bottom of the blog post, Namecheap offers some helpful security advice that should be heeded whether you use Namecheap or not. This certainly seems like it could have major implications for all of us, so please be sure your domain name accounts are secure. Please read Namecheap’s urgent blog post as soon as you have an opportunity.