Breach Response , Data Breach , DDoS
Credit Cards, Other Customer Data Exposed
Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.
See Also: Unlocking Software Innovation with Secure Data as a Service
Hackers reportedly brought down the website of Staminus Communications for about 20 hours on March 10, and as of late March 11 staminus.net was only partially restored. The Klan's website remained offline as of Friday evening Eastern time.
Staminus' home page on Friday featured a statement from CEO Mat Mahvi, but provided no links to other pages on its website. Attempts to access other Staminus pages using specific URLs failed.
"Based on the initial investigation, we believe that usernames, hashed passwords, customer record information, including name and contact information and payment card data were exposed," Mahvi said in the statement. "It is important to note that we do not collect Social Security numbers or tax IDs."
Pilfered Data Reportedly Seen Online
A huge trove of data from Staminus appeared online, in a classic "hacker e-zine" format, according to Krebsonsecurity.com, which was the first to report on the incident. The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks.
"The authors of this particular e-zine indicated that they seized control over most or all of Staminus' Internet routers and reset the devices to their factory settings," the Krebs report says. "They also accuse Staminus of 'using one root password for all the boxes,' and of storing customer credit card data in plain text, which is violation of payment card industry standards."
Overly Optimistic
Hours after the outage, Staminus posted overly optimistic Twitter posts promising service would be shortly restored.
Global services are now back online, ancillary services are currently being brought back online. We expect full service restoration soon.
Staminus says it had notified law enforcement, including the FBI, once it learned its website was breached. "While the investigation continues," Mahvi says, "we have and will continue to put additional measures into place to harden our security to help prevent a future attack."
Although the exposed passwords were protected with a cryptographic hash, Mahvi urges customers to change their passwords.
Staminus says it notified its payment processor and all card brands so that they could monitor for fraudulent activity. The company advises its customers to regularly check their credit and debit card statements to see whether any fraudulent or suspicious activities occurred.
Watch for updates on this developing story.