Russian hacking group may have given itself away through failed logins.
Hackers are exploiting stolen credentials alleged to have been taken in the CyberVor attack involving 1.2 billion unique records, according to domain registrar Namecheap.
The company was alerted to a potential problem by an increased load on its servers, and believes that details taken from other sites are being used with fake web browser software to gain access to Namecheap accounts.
Matt Russell, vice president of hosting at Namecheap, said: "The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed.
"As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data."
Though some accounts had been successfully broken into the registrar has blocked those affected and contacted their owners.
However the assertion that the CyberVors hacking group, thought to be based in Russia, is responsible for the attack appears to be speculation, and Namecheap has been contacted for further details.
"I must reiterate this is not a security breach at Namecheap, nor a hack against us," Russell added. "The hackers are using usernames and passwords being used have been obtained from other sources."