Hackers managed to use Namecheap’s inbox to send phishing emails to the company’s customers.
Namecheap users flocked to Twitter to warn of scams that masquerade as DHL or the hot cryptocurrency wallet, MetaMask. The DHL emails claimed that victims had to pay a delivery fee to receive the package, while the MetaMask email encouraged victims to complete the KYC (Know Your Customer) process or lose access to their wallets.
The company blamed a third party for the incident, but the third party denied that it was affected.
Blaming the email delivery service
Both emails contained a link that redirected victims to a landing page designed to steal confidential information.
Soon after, Namecheap’s CEO Richard Kirkendall confirmed the company’s email had been hacked, saying the company had disabled sending via SendGrid while the investigation continued. SendGrid is an email delivery service that Namecheap usually uses to send renewal notifications and newsletters.
Kirkendall later blamed the incident on “the master system”, saying that Namecheap itself was not affected.
“We have evidence that the master system we use to send emails (third party) is involved in sending unsolicited emails to our customers. As a result, some unauthorized emails may have been received by you,” the company said. “We would like to assure you that Namecheap’s own systems have not been compromised and your products, accounts and personal information remain safe.”
Kirkendall did not name this overarching system, leading some sources to believe he meant SendGrid. However, the email delivery service said it wasn’t them, causing further confusion.
“This situation is not the result of a hack or breach of Twilio’s network,” said Twilio SendGrid. “We are still investigating the situation and do not have any additional information to share at this time.”
By: BleepingComputer