The other shoe may have dropped in the story of the CyberVor hacked account database that BreachAlarm first reported on nearly a month ago. Popular domain registrar Namecheap has today observed a flood of activity on its login servers, and it claims this is likely the first known attack using the stolen credentials stored in the CyberVor database.
Namecheap’s analysis of the login traffic indicates that it’s an automated system working its way through an enormous list of login credentials, most of which are incorrect because the user does not have an account with Namecheap, or because the user is using a different password on Namecheap. It is as yet unclear why Namecheap believes this is linked specifically to the CyberVor database reported on last month, as opposed to some other large list of stolen passwords.
Namecheap has taken steps to block as much of this automated login traffic as it can, which will frustrate the hackers’ attempts to capitalize on this password list. It is likely, therefore, that other popular domain registrars will be targeted in the days to come.
Read on for our advice on how to protect yourself.
How to Protect Yourself
When we reported on the CyberVor database last month, our first item of advice was “Assume you’ve been compromised,” but changing every password you have online may have seemed impractical.
Now that we’re seeing signs that domain registrars may be targeted, that’s a good place for you to start. If you have accounts with any major domain registrars such as Namecheap, 1&1, Go Daddy, Name.com, DreamHost, Hover, or Gandi, we recommend you change your password immediately, and enable two-factor authentication if it is offered.
We’ll continue to keep you informed of any additional high-profile hack targets as they come to light.