1.2B Password Heist Might Have Opened Doors at Namecheap
Web Services
Some clients of the domain name registrar were hacked, possibly because their passwords were among the cache recently stolen by Russian cybercriminals.
“Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems,” wrote Matt Russell, vice president of hosting, in a Sept. 1 blog post.
The attackers used brute-force attempts to gain control of accounts -- repeatedly trying different usernames and passwords until the right combination granted access.
The “vast majority” of login attempts have failed, Russell said.
The perpetrators employed software that emulates Chrome, Firefox and Safari Web browsers to simulate a real login attempt. This method sometimes helps avoid security defenses that detect repeated fast guesses.