better check your namecheap accounts
 

today a 2 of my publishers had a similar problem with hacked namecheap accounts.

account owner and password have been changed and all domains transfered.
after that blackmail-mail was send to the original owners pay 5 bitcoins within 24 hours.

namecheap support seems to be not very helpful.
livesupport useless and dumb.

up to now I can not say how it was possible to hack this accounts as they are at 2-factor authentication. but i will post it here as soon I find out.

check your namecheap accounts and try to use every security they offer.

also make a cc forwarding for any emails you might get from namecheap to a second
mailaccount because none of my publisher found a mail from namecheap in their regular mailaccounts. so i assume that the hack starts with a hack on the email-account, than they confirm the change and delete the message after.

Thanks for the heads up :thumbsup

Disturbing if 2 factor was enabled.. Hopefully namecheap helps the original owners get their shit back. Hopefully nothing is compromised on namecheaps end.

Thanks for the heads up :thumbsup

update:
looks like this was caused by a local trojan with a keylogger (that´s why 2 way authentication wasn´t secure enough).

namecheap for now locked the accounts. hope also that there is nothing else compromised because both publishers are really big ones with a lot of good traffic.
hope that it will end up only in a lot of work to change everything and build better security.

my biggest wish is to have 5 minutes with such a guy in one room.
after this 5 minutes he would never do that again.

edited...... missed some info :)

I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?

Checking mine now.

:2 cents:

Just accept the fact that you're a dumbass who shouldn't be allowed on the interwebs.

https://i.kym-cdn.com/photos/images/...o-internet.jpg

Any 2fa can be broken if your ride on session, that was recently discovered.

By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.

thanks for this comment what shows again what clueless idiot you are.

with a keylogger in the trojan there are also a few other ways.
no matter on what device you receive the pin you have to type it into the website.

Yeah, that's a whole new level of compromised. It'd be nice if they did what crypto exchanges do with Google Auth: every transaction you need to use your 2FA. Logging in 2FA simply isn't enough.

Says the biggest dumbass! Stick with what you're good at...sucking dick!!

the point here was that it was the local computer what was infected.
it was a very good made DCMA mail with a link (what is in the original mail also like that).

so be aware of obvious DCMA complaints.

looks like this is a new trick what is targeting adult websites with content because they get this kind of stuff quite often.

Thanks for the heads up! However I left NC some time ago I still have a few domains there. Turned on Two-Factor Authentication.

What are you using these days?

I was mostly using enom, but they just doubled their prices on me :321GFY

Looking for a new register to use.

oh no man

Google Domains is fantastic. I'm willing to pay slightly more if it's a no-bullshit domain host. They give you just what you need and that's it. Light and clean. It's the 21 Naturals of registrars.

You've mistaken me for your boyfriend Bladewire.