Staminus Communications – a California-based hosting and DDoS (Distributed Denial of Service) protection company – is recovering a massive data breach after hackers broke down into its servers and leaked personal and sensitive details of its customers.
Though the company acknowledged that there was a problem in a message posted to Twitter on Thursday morning, it did not specify a data breach.
Staminus's website went offline at 8 am Eastern Time on Thursday, and on Friday afternoon, a representative said in a Twitter post that "a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable."
The Staminus data breach occurred after hackers infiltrated the company's server backbone, seized control of Staminus' routers and then reset them to factory settings, which effectively brought down the company's entire network.
The hackers also stole the company's database and dumped it online. Links to downloads of the internal Staminus data were published in a file sarcastically headlined, "TIPS WHEN RUNNING A SECURITY COMPANY," detailing the security holes (given below) found during the data breach:
- Use one root password for all the boxes
- Expose PDU's [power distribution units in server racks] to WAN with telnet auth
- Never patch, upgrade or audit the stack
- Disregard PDO [PHP Data Objects] as inconvenient
- Hedge entire business on security theatre
- Store full credit card info in plaintext
- Write all code with wreckless abandon
Although the total number of victims has not been known yet, Forbes reported that the data breach included at least 15 gigabytes worth of data belonging to Staminus.
Security researcher Nathan Malcolm from Sinthetic Labs told the publication that he analysed the data dump and found unencrypted credit card numbers, expiry dates and CVVs for as many as 1,971 Staminus customers.
Potential motives for hacking Staminus are quite easy to figure out.
Staminus' clients include the white supremacist group Ku Klux Klan (www.kkk.com). The company also hosts several IRC (Internet Relay Chat) channels for large-scale DDoS attack services, Krebsnoted.
Staminus CEO Matt Mahvi published the following statement on the Staminus website (which again went offline), confirming the data breach.
"We can now confirm the issue was a result of an unauthorized intrusion into our network. As a result of this intrusion, our systems were temporarily taken offline and customer information was exposed. Upon discovering this attack, Staminus took immediate action including launching an investigation into the attack, notifying law enforcement and restoring our systems.
Based on the initial investigation, we believe that usernames, hashed passwords, customer record information, including name and contact information, and payment card data were exposed. It is important to note that we do not collect Social Security numbers or tax IDs.
While the investigation continues, we have and will continue to put additional measures into place to harden our security to help prevent a future attack. While the exposed passwords were protected with a cryptographic hash, we also strongly recommend that customers change their Staminus password."
Staminus' website came back online and believed to be wiped clean, but at the time of writing the website is still unavailable.
Breached data is available on torrent visit staminus.thecthulhu.com to access it.
~Peace
zer0
If you ever want to change or up your university grades contact cybergolden hacker he'll get it done and show a proof of work done before payment. He's efficient, reliable and affordable. He can also perform all sorts of hacks including text, whatsapp, password decrypt,hack any mobile phone, Escape Bancruptcy, Delete Criminal Records and the rest
ReplyDeleteEmail: cybergoldenhacker at gmail dot com