Comments
lol, nothing in my inbox. make sure to verify who really sent the email, post the headers here if you can.
Looks like it. I just got the fake metamask one from them too, 20 minutes ago.
post e-mail headers please.
A bunch of other people received it as well.
I didn't though.
https://www.namecheap.com/support/knowledgebase/article.aspx/858/2194/how-to-get-email-headers/
Submit report/headers via their ticketing system, https://support.namecheap.com/index.php?/Tickets/Submit.
I also received nothing, going to be spicy. Someone probably got access to their email portal or something.
Someone posted this on Twitter, as a reply to the tweet @DP posted:
I don't know if that's their own e-mail servers, or the ones used on their e-mail service for customers, and they've not suspended it yet.
got it too.
Here you go:
https://pastebin.com/5qP5rMX3
Well, their SendGrid account, at the very least, indeed seems to have been compromised then. Nice.
looks a bit different than order/invoice emails, likely newsletter sender.
either way, looks promising.
Looks like API keys were part of the breach mentioned here and not just emails/full names https://mobile.twitter.com/ScarletSharkSec/status/1623688006388285443
it seems phishing...
that's why services provided by people like @MannDude are valuable even for normies. u can get namecheap domains(+ a bit of fee for Curtis) but you get something "undoxxable" in return.
the only downside is not "real" ownership over a domain, you have to trust incognet more. but as with NB fiasco, you can still contact registrar and possibly get your domain back if Curtis died suddenly or some shit
I'm no longer using NameCheap, I use NameSilo (no breaches AFAIK so far). I just kept my account and didn't try to close it.
What happens to all the domains under management of @MannDude if NameCheap got an even worse breach? is there a possibility of people losing their domains?
He would do as much as a normal NameCheap customer to recover domains.
ICANN will also step in and help.
would transfer them, to be safe. But what can they do, just spamming without login attempts.
According to twitter.com/namecheap replies to various people:
Hi, this is a spam email so please do not click any links and do not reply to it. Our team is currently checking it on the highest priority.
AND
we localized the issue to be connected with our email gateway Sendgrid and all the team is all hands to stop it asap
AND
We have stopped all the emails and contacting our upstream provider to resolve it
I think it's premature to think we need to transfer any domains out. From the twitter feed, it looks like Namecheap has a handle on it, that it was their email gateway and it's being resolved right now.
Just posted:
https://www.namecheap.com/status-updates/archives/74848
(EDIT: Adding title and time/date of post)
[In progress] Email gateway issue
General Feb 12 2023 05:27:pm America/New_York Marina Kalashnik
Dear Customers,
We have evidence that the upstream system we use for sending emails is involved. We have stopped all the emails and contacted our upstream provider to resolve the issue.
As a result, some unauthorized emails might have been received by you.
Please ignore such emails and do not click on any links. We are currently investigating the situation.
Once we have any news from the responsible team, this post will be updated right away.
Please rest assured that your products and account details are not affected by this issue.
We apologize for any inconvenience during this issue and thank you in advance for your patience and understanding.
Breaches will always happen, the difference is in how companies handle it. Trying to blame the issue on SendGrid is not the right way to go about it. I doubt that this issue is coming from Twilio's end, otherwise, we would have seen a lot more phishing emails from other different companies. Their SendGrid credentials (API keys most likely) got leaked somehow, only fair to assume some other stuff got leaked too. "Upstream" is not responsible for securing NameCheap credentials.
Lol yep, it's hacked, I received 2 strange emails about 2 minutes ago
Regards,
Calin
All I'm saying is that we don't need to jump to conclusions yet -- there's not enough info. And frankly from the Twitter feed, Namecheap is handling this reasonably well. I don't think they are blaming anyone yet. Again, their official update says:
Once we have any news from the responsible team, this post will be updated right away.
Please rest assured that your products and account details are not affected by this issue.
Time will tell, let's just not be too hasty without more info, so I think it's premature to transfer domains out. That's all. I'm not criticizing anyone. And I'm with you that it's alarming that something happened, but let's give them some time to respond. And thank you for posting it. I for one, did NOT get the spam email. So they stopped it before they got to my account.
are you guys (the affected people) subscribed to Namecheap newsletter?
They made a slight change to the update:
https://www.namecheap.com/status-updates/archives/74848
I didn't do a diff, but offhand it looks like they changed:
Once we have any news from the responsible team, this post will be updated right away.
to:
We have stopped all the emails and contacted our upstream provider to resolve the issue. At the same time, we are also investigating the issue from our side.
original post https://archive.ph/FN4Am / https://web.archive.org/web/20230212224841/https://www.namecheap.com/status-updates/archives/74848
Yes I received the dhl email shit.
Btw I did notice that the malicious links in the email have namecheap.com in them, so I don't know how the hackers can create some phishing links that have the namecheap domain!
Yeah I received it too, possible namecheap database breach?
Nothing from NC here - Not subscribed to their newsletter at all.
F