Namecheap Email System Breach [Detailed Case Study]

Written by Sambita Panigrahy, approved by Anuraag Singh
Published on May 1st, 2023
Reading time: 8 minutes

Usually you can tell right away whether you’ve been hacked. When you receive strange text messages or emails, or your social media gets spammed with posts you would never send, it’s certain that your email account has been compromised. Yet a lot of people don’t seem to take it seriously. They don’t appreciate that a hacked email account can lead to identity theft and other security and privacy invasions, with far more significant repercussions than a spammed friend.

A real-life example of such a scam is the Namecheap email system breach. This well-known web hosting company became the vehicle for phishing attacks. It came to light that on February 13, 2023, hackers compromised the organization’s email systems to send MetaMask and DHL phishing emails.

More Information on Namecheap Email System Breach

In phony DHL delivery status notification emails, the hackers asked victims to pay a delivery fee to keep their packages from being returned. They also pretended to be MetaMask, a self-hosted wallet provider, and demanded that victims complete a KYC (Know Your Customer) verification process in order to keep access to their cryptocurrency wallets.

The MetaMask-themed phishing emails contained a link (https://links.namecheap.com/) that led victims to a phishing page asking for their “Secret Recovery Phrase” or “Private key,” which the hackers could then use to access their wallets.

Who Was Behind the Namecheap Email System Breach?

At first, Namecheap attributed the security hole that allowed hackers to send seemingly valid emails from Namecheap’s account to a third-party marketing email service provider.

“We have proof that the upstream system that we utilize to send emails is sending unauthorized emails to our clients,” the domain registrar said in a statement. “It’s conceivable that you’ve received some unauthorized emails as a result.”

Without placing blame, Namecheap CEO Richard Kirkendall revealed that the business uses Twilio’s SendGrid marketing email service to communicate with its customers.


Kirkendall added that the MailChimp, SendGrid, and Mailgun API leaks that affected over 54 million customers were likely the source of the Namecheap email hack. The disclosed keys could allow hackers to send phishing emails, erase API keys, and alter two-factor authentication.

Javvad Malik, lead awareness advocate at KnowBe4, said that getting access to a real email account to send out phishing emails is a goldmine for crooks. “Services like Mailchimp have been hijacked in the past and used to send phishing emails.”

According to Malik, sending malicious emails from credible sources lets attackers get past gateway filters and into the recipients’ inboxes.

Twilio strenuously denied being the source of the Namecheap email hack, even though the phishing emails carried SendGrid headers. Instead, the cloud-based CPaaS provider advised a “multi-prong approach” of two-factor authentication, IP access management, and domain-based messaging to safeguard accounts and thwart phishing attacks.
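The point Malik makes above is the defender’s problem in this incident: mail sent through a legitimate upstream provider passes SPF, DKIM and DMARC, so the gateway has to look at content, not just the authentication verdict. The Python triage function below is an added example, not code from the page, Namecheap or Twilio; the sample email, the SendGrid-style header value and the lure weights are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample modelled on the incident's MetaMask lure: it carries
# SendGrid-style headers and passes SPF/DKIM/DMARC because the upstream
# provider really did send it. Not a captured Namecheap email.
SAMPLE_EMAIL = """\
From: MetaMask <no-reply@namecheap.com>
To: customer@example.com
Subject: KYC verification required
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
X-SG-EID: constructed-sendgrid-id
Content-Type: text/plain

Complete KYC verification within 24 hours to keep access to your wallet.
Have your Secret Recovery Phrase ready: https://links.namecheap.com/verify
"""

# Lure phrases from the incident, weighted by how damaging the request is.
LURES = {
    "recovery phrase": 3,   # wallet seed phrase request (MetaMask variant)
    "private key": 3,
    "kyc": 2,
    "delivery fee": 2,      # DHL variant
    "within 24 hours": 1,   # urgency pressure
}

def auth_passed(msg: Message) -> bool:
    """True if SPF, DKIM and DMARC all report pass. A pass only proves the
    upstream provider sent the mail, not that its account was not abused."""
    results = msg.get("Authentication-Results", "").lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))

def triage(raw: str) -> dict:
    """Score the body on lure phrases regardless of the authentication verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()
    hits = [k for k in LURES if k in body]
    score = sum(LURES[k] for k in hits)
    return {
        "auth_passed": auth_passed(msg),
        "lures": hits,
        "links": re.findall(r"https?://[^\s<>\"]+", body),
        "score": score,
        "verdict": "phish" if score >= 4 else "review" if score else "clean",
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))  # verdict: phish despite auth_passed True
```

The sample scores as a phish even though every authentication check passes, which is exactly the case a filter that trusts SPF/DKIM/DMARC alone would let through.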

Namecheap’s Take On the Security Incident

Namecheap disabled all SendGrid emails, including those for code delivery, two-factor authentication, device verification, and password reset requests. It also disabled the phishing URL that was included in the phishing emails.

The domain registration and hosting firm, based in Phoenix, Arizona, also assured its clients that their products and account information were not at risk as a result of the Namecheap email breach.

“In addition, Namecheap’s own systems were unaffected, therefore we want to reassure you that your products, accounts, and personal information are still secure.”

MetaMask also warned its users about the compromised Namecheap email system and urged them not to click links in the phishing emails. The self-custodial wallet service further reminded users that it never collects KYC data or email account details.

How Did Hackers Get into Namecheap Email System?

During an investigation, Namecheap came to the conclusion that phishing emails were sent using a “newsletter list including customers’ names and email addresses” that hackers had acquired. The domain registrar later admitted “full responsibility” for the Namecheap email hack and said it was unfortunate that any customer information had been revealed.

Namecheap stated, “We take any leak of client information seriously, accept full responsibility for this issue, and are dedicated to making every effort to uphold the safety and privacy of our customers both now and in the future.”

Security breaches are sometimes outside your control, so what should you do if your email or social account has been hacked?

Next Steps to Take If Your Email Account Has Been Hacked

There are a few things you should do right away if you discover that one of your accounts has been compromised:

1. Change Your Password Immediately

The first step in safeguarding your information from unauthorized access is to change your password as soon as you suspect you may have been hacked.

Hackers typically obtain email addresses together with passwords, knowing that most users reuse the same password across various accounts. If they have only an email address, they count on the user having chosen a weak password. Changing your passwords takes that advantage away and can keep your account from being compromised.

If you have forgotten your password or suddenly lost access to your account, you can always try the provider’s account recovery process. If you still need help regaining access, get in touch with customer support.

2. Run an Antivirus Scan

It’s possible that malware on your smartphone gave hackers access to your social media or email accounts. To check for spyware, keyloggers, and other malware, run an antivirus scan. Remove any unauthorized third-party extensions or programs, and update your browsers and other apps.

Such malware can sometimes modify or delete files on the device. In that case, use data recovery tools to recover your files, clean up, and protect your storage as part of good cyber hygiene.

3. Ensure No Other Accounts Were Affected

It’s crucial to confirm that none of your other accounts were affected, since your email address is often used to secure them. Log in to each of them and change the password to a new, stronger one. Consider changing the email address on those accounts as well. Check the security measures that are available, such as two-factor authentication and additional alerts.

Reset the password for all of your accounts right away, and contact support for any account you can’t get into.

4. Let Your Contacts Know About It

As you are already aware, spam emails can be sent through compromised email accounts, and information from your close friends, family members, followers, and coworkers may also be stolen.

As soon as you detect an attack on your email or social media account, let your contacts know. That way they will be watching for any suspicious or unusual emails or phone calls. Give your contacts your new email address so they can reach you right away.

5. Pay Attention to Account Recovery Information

Once you regain access to your email account, carefully review your account recovery information. Verify the list of recovery email addresses and any recovery phone numbers on file. If you find any phone numbers or emails you don’t recognize, contact support right away and have them removed.

6. Deploy Multi-Factor Authentication

In January of last year, almost 1.2 million Microsoft accounts were compromised. 99.9% of them shared the same weakness: they lacked multi-factor authentication, which left them all equally vulnerable. Multi-factor authentication is said to be one of the best strategies for thwarting cyberattacks.

If you still haven’t activated multi-factor authentication, do it now to further secure your email account. Email providers these days can ask for additional “factors” beyond your password before granting access.

7. Take Additional Security Measures

Your email provider might offer extra protection against online threats, and your device may as well. Good security measures include the ability to remotely wipe or lock a device in the event of loss or theft, as well as security alerts when logging in from new places or devices.

8. Create a New Protected Account

Despite your best efforts, you might occasionally not be able to recover access to and usage of your account. Starting a new email address or social media account is the last option.

You should also check whether any of your other accounts were affected by the hack and take the same precautions as soon as you can. This time, take the time to fully secure the new accounts so that the frustrating experience won’t happen again.

9. Get Professional Help

If none of the suggestions above worked or you have additional issues, contact our qualified team. Hiring professional assistance may cost more time (and money), but it is frequently the quickest way to resolve the situation and avoid further security problems.

Stay Cyber-Safe

Normally only the recipient’s side of phishing defense is considered. But with Business Email Compromise (BEC) becoming more and more common, as in this case, it is now just as critical to safeguard the sending side and stop account takeovers, which enable far more convincing phishing attempts. So, stay alert and be cyber-safe.