If you have an account at NameCheap, now might be a good time to think about changing your password.
According to the registrar, hackers based in Russia are using a haul of a reported 4.5 billion username/password combinations to attempt to break into its customers’ accounts.
Some attempts have been successful, NameCheap warned.
The attackers are using credentials stolen from third-party sources in a large-scale, automated attempt to log in to user accounts, disguised as regular users, the company said in a blog post.
The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.
While the vast majority of these logins are unsuccessful, some have been successful. To combat this, we’ve temporarily secured the Namecheap accounts that have been affected and are currently contacting customers involved requesting they improve the security for these accounts.
Affected users have been emailed, the company said.
NameCheap suspects the attack is linked to a reported cache of 1.2 billion unique username/password combinations amassed by a hacker group from databases vulnerable to SQL injection.
The registrar pointed out that its own systems haven’t been hacked. Customers should only be vulnerable if they use the same username and password at NameCheap as they use on other sites.
.club hit a landmark this week with its 100,000th domain name registration, according to .CLUB Domains.
It’s the first new gTLD to get to this level of success without giving away names for free — .xyz and .berlin have over 460,000 and 130,000 names respectively but fall under 100k if you factor out the freebies.
The .club zone file showed 98,984 names (excluding swelling from the name collisions program) last night, and it’s been growing at steady rate of roughly 250-300 names per day.
It appears that there are 1,000 or so names that do not appear in the zone file, perhaps because they’re not configured yet.
.club hit general availability May 7, 114 days ago.
Telefonica Brasil, part of the massive Telefonica group of telecoms companies, has lost its registrar accreditation after failing to pay its ICANN fees.
The company, which had revenue last year of $14.6 billion, is facing termination of its Registrar Accreditation Agreement over the pitiful sum of $3,082.12.
It’s also embarrassing because Telefonica is applying for the new gTLD .vivo, its consumer brand in Brasil, which will require it to sign a Registry Agreement with ICANN.
I don’t think the loss of the RAA affects the company’s ability to get its gTLD contracted and delegated.
According to ICANN (pdf), Telefonica also failed to comply with the Registrar Information Specification, a pretty basic rule in the 2013 Registrar Accreditation Agreement requiring registrars to provide their address and names of officers and any parent companies.
The company has no gTLD names under management, so registrants will not be affected by the termination, which will take effect September 25.
ICANN sent its initial breach notice in July, but Telefonica did not comply before the August deadline. It also received a breach notice over an unpaid $10,000 bill a year ago.
Reliance Industries, owner of the Mumbai Indians cricket team, has withdrawn its application for the new gTLD .indians after an objection from the Indian government.
ICANN’s Governmental Advisory Committee has said in formal advice several times, most recently in March, that India was not cool with the idea of a .indians TLD, but noted that the country stood alone.
Following the Singapore meeting this year, the GAC said: “the Government of India has requested that the application for .indians not proceed.”
As a piece of non-consensus advice, ICANN would have been able to more easily reject India’s objection, but the withdrawal means it will not have to make that decision.
India has a similarly dim view of .ram, which Chrysler has applied for to protect a car brand but which also matches an important deity in the Hindu pantheon. That bid is still active.
But recently we’ve seen two other dot-brand applicants get out of the new gTLD program.
Dun & Bradstreet has just withdrawn its bid for .dnb. Last week, Myriad International Holdings yanked its application for .mih.
Amazon has paid almost a billion dollars for the gaming community Twitch and immediately set about defensively registering some domain names.
amazontwitch.com, amazontwitch.net, and amazontwitch.org were all registered via MarkMonitor on Monday, coinciding with the announcement of the acquisition.
The company even registered twitchamazon.com, but not the corresponding .net and .org.
But Amazon, a major new gTLD applicant itself, does not appear to have registered the string in any new gTLDs, despite being one of the most prolific defensive registrants.
The company owns the string “fire” in scores of new gTLDs and appears to have blanket-registered “prime” and “kindle” in pretty much every new gTLD sunrise to date.
Twitch, pre-acquisition, doesn’t seem to have involved itself in new gTLDs at all, though the string “twitch” has been registered in several.
Bad news for the owners of these domains?