It’s Labor Day here in the US, so it’s not a great day for companies to share important news, but it is important that you see this Namecheap security warning, even if you do not use the company as your domain name registrar. This issue seems like it has the potential to impact domain investors as well as others who own domain names. It may also be impacting other accounts as well.
Please read this important security update regarding a previous breach that may impact you on Namecheap+elsewhere: http://t.co/aDIffisjAH
— Namecheap.com (@Namecheap) September 1, 2014
From a blog post on the Namecheap company blog, entitled “Urgent security warning that may affect all internet users,” the company stated:
Back in August, The Register reported that the largest ever quotient of email addresses, usernames and passwords had been put together by groups of Russian hackers. You can read their full report on this here.
These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world.
Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. Upon investigation, we determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts.
Namecheap shared more information about this potential issue, and the company also shared information about what it is doing to help its customers. I think it is critical that you read the blog post in its entirety and perhaps you can use this quiet day to be sure your domain name accounts are securely protected as best as possible.
Namecheap is one of the largest domain name registrars, and the company warned that this “may affect all internet users.” I would imagine that something like this could be happening at other domain name registrars, too. It may also happen to email service providers, domain parking accounts, aftermarket website accounts, and other private accounts. This is the primary reason why I am sharing this warning with you rather than simply retweeting or posting something socially. It’s easy to brush it off as something that will impact others, but that may not be true.
At the bottom of the blog post, Namecheap offers some helpful security advice that should be heeded whether you use Namecheap or not. This certainly seems like it could have major implications for all of us, so please be sure your domain name accounts are secure. Please read Namecheap’s urgent blog post as soon as you have an opportunity.
I was over at Namecheap.com about 5 hours ago and Right Off the start at the “Log In” something just did not feel right — #1 I have and “old & favorite” Not very good password” – #2 At Namecheap I Logged in my “easy” password and it kept rejecting (a number of times) the Login in their Standard Home Page sign-in box in the Upper left Corner — and doing a re-direct to another Page where the Log-in box was in the Center of (Hopefully) their page — which i did not use because it has did this once or twice in the past 4 weeks.
So my plan was to simply take 2 or 3 minutes simply copy a quick list of my domains and get out of there — This took a Total of at least 6 or 7 times of having my — Browser Crash — just as I was going to hit the Print Button — Right after the Print Setup was OK … I left “2” detailed Crash report’s Messages for the this browser company which does a really great follow-ups on this kind of problem…
I have not been with Namecheap.com — very long But I Really Like their Company – Their Website – And Their Simple and Very Good Customer Service…
Right from the Start you could tell their “Security & Honesty” was a Major Priority for Namecheap Customers.
Thanks Elliot for Catching and Printing this excellent information — I did not see their Blog Post on it…
This is rich coming from Namecheap. From my experience their support staff are lazy, unhelpful and disagreeable – to the point of being antagonistic. Rather than help you with issues, the support staff send inflammatory emails back to you. I have never experienced this with any other registrar. I’m convinced the attitude of Namecheap support staff is a reflection of management’s policy of how they want staff to deal with domain name owners. The support staffs’ unwillingness to help – and what appears to be their complete disregard for clients – prompted me to move hundreds of my domains out of Namecheap. Now Namecheap comes out and pretends it is domain owners’ best friend. Rubbish! This is a marketing ploy to get you to move your domains across to them because, security-wise, they are on the ball. Don’t fall for it!
Got myself locked today. Apparently they noticed unusual activity on my account yesterday. They are verifying my details now.
I didn’t understand a thing you said, Pat W.
Can someone please translate what he just said? -_-
Uhm, Pat W, have you ever heard of the English language? Look it up!
It hurts my brain trying to understand your incoherent blabber. I’m sure you’re not any brighter in your own language as well, since you’ve never heard of a comma ” , ” , a full stop ” . ” or a semi-colon ” ; ”
Namecheap is one of the best registrars around, if not THE BEST. I’ve been with them for over 2 years now and trust me, I know what I’m saying: I’ve had questions, problems and contacted support without any worries. They’ve always responded incredibly quickly (even in 5 seconds ~ live chat support) and have always went the extra mile to make sure I’m one happy customer.
I’ve registered, transferred in and out of them and they still are my favorite registrar. (Hey, transfers were significantly cheaper at name.com and namesilo.com even if the namecheap support person was nice to give me one good renewal discount after I asked them to – Whois Privacy at .99 instead of $2.88 … a total discount of around 12% is more than reasonable, but I’ve found a way to get 36% discount by transferring to name.com)
I bet you never heard of 2-Factor Authentication (password + sms/call code). Namecheap has it and without your phone, no one can login unauthorized!
And no, English is not my native language either. It’s not even an official language here in my country.
Went to Namecheap last night to log in, and had all kind of problems.
over and over their log screen kept refusing my password, which was
accurate of course — this shappened over and over until finally
of course I got locked out, and then ended up having to change my
password as well as contact customer service.
I am not impressed at all with the direction that namecheap has been
going in the last few months. Their site RIGHT NOW looks like it was
designed and developed by a teenager with bad programming skills.
and now security and log in issues plus a data breach all just are
making me want to run from this registry which I once thought at one
time to be one of the best in the business.
It’s truly unbelievable how these huge internet companies as soon as
they get big and make alittle money seem to forget their recipe for success almost immediately and start making detrimental changes that
ends up costing them customers. Frankly, the deal with namecheap is
so bad right now I think their developers are working for Godaddy at
this point lol
Even other registrars such as Go Daddy, Dynadot, Name.com and Network Solutions use similar designs. I forgot the term, but it has something to do with catering to the tastes of *majority* of users (at least, based on whatever studies and tracking the registrar uses).