NamePros is observing an increase in credential stuffing attacks targeting domain investors. This is a semi-regular occurrence. It typically works as follows:
- An arbitrary website in the domaining industry is compromised. Typically, we have no way of knowing which site it was.
- The usernames and passwords are harvested from the compromised website.
- Attackers assume that most people use the same (or a similar) password everywhere, so they plug the username and password combination into other, more secure websites.
- The attacker will steal any assets in the account and potentially scam other people while impersonating the compromised user.
Get a password manager and enable 2FA. It's your responsibility to keep your accounts secure. If you use the same password on NamePros and SomeRegistrarWebsite, and SomeRegistrarWebsite leaks your password, attackers are going to have no trouble logging into your NamePros account.
In the short term, we'll be requiring some high-risk accounts to enable 2FA. We'll also be enforcing stronger password requirements for some accounts. This is not a perfect solution, and we still expect members to maintain good internet hygiene by choosing more secure passwords.