Namecheap breach exposes users' domains to hackers

Domain manager and hosting provider, Namecheap, issued an “urgent security warning” on its blog early this week in response to the leak of user account details by hackers. The security breach is thought to be a direct result of the recent disclosure of the login information of over 1 billion users, compiled and leaked by Russian hackers.

Despite persistent, rapid-fire attempts to control accounts, the attackers have been thwarted for the most part by Namecheap's “aggressive” blocking of suspicious IP addresses that appear to be using the stolen data, according to the company's blog. The data is also being given to law enforcement for further examination.

“It's clear that we've reached a point where usernames and passwords alone are no longer good enough,” Phil Turner, VP EMEA at Okta, commented in an email to SCmagazineUK.com. “It's vital that all organisations are enforcing multi-factor authentication – which requires two or more factors to verify the legitimacy of the user,” he advised, a move which “reduces the risk of unauthorised access, should password details be compromised.”