Hosting provider Namecheap has come under attack from hackers apparently using the “CyberVor” hoard of 1.2 billion usernames and passwords, and has warned that some accounts that had failed to use a secure password may have been compromised.

In a blog post entitled, “Urgent Security Warning”, the company said that some accounts had been compromised, but Computer World reports that the “vast majority” of login attempts had failed.

Namecheap said that it was now “aggressively blocking” the IP addresses that the attack appeared to have come from, and said that the logins appeared to come from the record-breaking hoard of passwords and usernames stolen by the gang known as “CyberVor”.

Secure password: Record-breaking hoard used in attack

Veteran security writer and researcher, and We Live Security contributor Graham Cluley said, “The gang, which has been dubbed “CyberVor” (“vor” means “thief” in Russian) by security researchers, is thought to be in possession of the largest known haul of stolen internet credentials – 1.2 billion usernames and passwords, together with 542 million email addresses. And the data has been stolen from some 420,000 different websites.”

Company officials did not reveal why they suspected the credentials being used in the attack were the ones from the Cybervor (“Vor” is Russian for “thief”) trove which was discovered online last month, with a mix of passwords, usernames and email addressses in one online cache, according to CIO magazine.

“Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. Upon investigation, we determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts,” Namecheap said, also offering advice for users on how to create a secure password for their accounts.

Fake browser used in mass attack

“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts," Namecheap said.

Veteran security writer and researcher, and We Live Security contributor Graham Cluley advises, “Whenever you create accounts online you are putting trust in the hands of web developers that they are properly securing your information. The very best you can do is enable additional security measures (such as multi-factor authentication when made available), and ensure that you never reuse the same password nor choose a password that is easy to guess or crack.

"Because one thing is clear: The Russian CyberVor gang may or may not be sitting on one of the largest cybercriminal hauls in history, but unless we all work harder to keep our private information safe and secure, this is not going to be the last time that you’re waking up to newspaper headlines of stolen passwords."