Russian Gang's Billions of Stolen Credentials Resurface in New Attack

In a classic example of a ripple effect, a number of Namecheap’s users’ accounts have now been compromised in a brute-force attack, by hackers using passwords previously stolen by Russian gang CyberVor.

“Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems,” the domain name registrar said in an online statement. “Upon investigation, we determined that the username and password data gathered from third-party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to accounts.”

That data consists of 1.2 billion stolen user name and password combinations, and 500 million email addresses from poorly protected sites. It’s unclear if this is the first use of the stolen data to cause further damage.

“The group behind this is using the stored user names and passwords to simulate a web browser login through fake browser software,” Namecheap said. “This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts.”

The vast majority of the login attempts have been unsuccessful as the data is incorrect or old, and passwords have been changed. However, the company said that it is “aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.”

The news comes hot on the heels of the Apple iCloud hack that resulted in the leak of hundreds of racy photos from celebrities’ private accounts.

“These data breaches highlight just how vulnerable all online information is,” said Phil Turner, vice president of EMEA at Okta, in an email. “It’s clear that we’ve reached a point where usernames and passwords alone are no longer good enough. People reuse passwords across multiple sites and applications because they’re difficult to manage. All it takes is one hacker getting their hands on these credentials and multiple companies could find themselves affected.”

Once again, two-factor authentication is in the spotlight as a possible solution.

“Rather than relying solely on passwords to authenticate users, it’s vital that all organizations are enforcing multi-factor authentication – which requires two or more factors to verify the legitimacy of the user,” Turner said. “This could be via additional verification methods such as mobile applications or SMS messages which can provide a unique security code and don’t require users to store or remember further credentials. This helps to ensure users are who they say they are and reduces the risk of unauthorized access, should password details be compromised.”

What’s Hot on Infosecurity Magazine?