Hackers Behind Biggest-Ever Password Theft Begin Attacks

An anonymous reader writes Back in August, groups of Russian hackers assembled the biggest list of compromised login credentials ever seen: 1.2 billion accounts. Now, domain registrar Namecheap reports the hackers have begun using the list to try and access accounts. "Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. ... The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts." They report that most login attempts are failing, but some are succeeding. Now is a good time to check that none of your important accounts share passwords.

Notified and ignored?

[bjwest]

Did Namecheep notify it's users via email that their system was compromised and they need to change their password? If so, and they ignored it, oh well, it's your own damn fault. If Namecheep didn't notify it's users via email, then Namecheep is at fault and should be accountable for any damages, monetary or otherwise.