I must reiterate this is not a security breach at Namecheap, nor a hack against us. The hackers are using usernames and passwords being used have been obtained from other sources. These have not been obtained from Namecheap. But these usernames and passwords that the hackers now have are being used to try and login to Namecheap accounts.
Our early investigation shows that those users who use the same password for their Namecheap account that are used on other websites are the ones who are vulnerable.