Hackers Leak Customer Data From DDoS Protection Firm Staminus
Distributed denial of service (DDoS) protection company Staminus was breached last week, when attackers managed to steal sensitive information from its database and publish it online.
Following the hack, the Staminus network was down for several hours, while the attackers apparently managed to grab a large amount of customer data. As it turns out, more than 15GB of data was published online following the attack, with download links for customer login credentials, support tickets, server log data, chat logs, and credit card numbers appearing on Tor.
A Hastebin link posted online included information on what data the attackers managed to access, revealing that Staminus’ entire database might have been compromised, along with the database of the Intreppid service (which provides customers with dedicated virtual private servers that have DDoS protection features built-in).
What’s more, the hackers discovered that the security firm was providing service to the white supremacist group Ku Klux Klan (KKK) and its affiliates, and revealed sensitive information pertaining to this Staminus client as well. For the time being, however, the company hasn’t provided details on the incident, nor has it confirmed the data breach.
According to the hackers, the security firm might have made some critical mistakes when it came to securing its data, such as using one root password for all the boxes. Moreover, the attackers also say that Staminus was storing full credit card info in plaintext and that it didn’t patch, upgrade or audit the stack in due time.
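One of the practices the attackers describe, full card numbers sitting in plaintext in the database, is something a defender can check for before an intruder does. The following is an added example, not code from the article or from Staminus: a Luhn-filtered scan of a database dump for plaintext card numbers, followed by the kind of record that should be stored instead (last four digits plus a keyed HMAC token, with the full PAN left to a payment processor or vault). The dump text, the record layout and the HMAC key are constructed for illustration; in practice the key would be held outside the database, for example in a KMS or HSM.

```python
"""Added example: find plaintext card numbers in a DB dump, and show a safer record format."""
import hashlib
import hmac
import re


def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check; filters out ticket IDs, phone numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list[str]:
    """Return every Luhn-valid card number found in text, separators stripped."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def store_card(pan: str, key: bytes) -> dict:
    """Hardened record: keep only what the application needs.

    last4 is enough for display; the HMAC token lets rows be matched to the same card without
    storing it. A plain SHA-256 would be brute-forceable because the PAN space is small, so the
    hash is keyed with a secret that never lives in the database (assumed to come from a KMS/HSM).
    """
    return {
        "last4": pan[-4:],
        "token": hmac.new(key, pan.encode(), hashlib.sha256).hexdigest(),
    }


# Constructed sample dump: a support ticket, an invoice row and a log line. The two card numbers
# are well-known test PANs; the ticket id is a 13-digit run that is not Luhn-valid.
SAMPLE_DUMP = """\
ticket_id=1234567890123 user=alice msg="please charge 4111-1111-1111-1111 exp 12/19"
invoice_id=20160311 card=5500000000000004 phone=+1 555 0100 1234
server_log: 10.0.0.7 GET /status 200 1450 bytes
"""


def scan_sample() -> list[str]:
    """Run the scanner over the constructed dump."""
    return find_pans(SAMPLE_DUMP)


if __name__ == "__main__":
    for pan in scan_sample():
        print("plaintext PAN found:", pan[:6] + "*" * (len(pan) - 10) + pan[-4:])
    demo_key = b"constructed-demo-key-not-for-production"
    print("safer record:", store_card("4111111111111111", demo_key))
```

Running the scan over a real dump (support tickets and chat logs included, since that is where card numbers tend to leak) before an incident is far cheaper than learning about plaintext PANs from an attacker's paste. The token field is only for matching; if the business genuinely needs the full number back, that is a job for a tokenization service or an encrypted vault with its own key management, not for a column in the customer database.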
For the time being, the only details available on the breach come from the Hastebin link posted by Staminus’ attackers, which suggests they had access to the entire “Staminus & co infrastructure.” The hackers also note that they decided to reveal information pertaining to the security firm’s relation with the KKK because “choosing such an awful host as Staminus however is unforgiveable, and consequently they had to be punished.”
The United States-based company was breached on Thursday, when the company took to Twitter to announce that its network had been impacted, but without offering additional details on the matter.
On Friday morning, they announced that the incident “cascaded across multiple routers” making the backbone unavailable, but the company was able to restore its service by the end of the day.
Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable.
— DDoS Protection (@StaminusComm) March 10, 2016
Global services are now back online, ancillary services are currently being brought back online. We expect full service restoration soon.
— DDoS Protection (@StaminusComm) March 11, 2016
Staminus CEO Matt Mahvi posted a statement on the company website on Friday, though the site was offline for days afterward, and the company’s Twitter account has remained silent since Friday.
Until the company manages to fully restore its website, customers are advised to cancel their credit cards or sign up for a credit card monitoring service. Once the Staminus service is restored, they should also change their Staminus account passwords, along with any password they reused elsewhere, since the leaked data reportedly includes customer login credentials.
“In this case, it ended in a good way,” David Maman, Co-Founder and Chief Technology Officer at database security firm HexaTier, told SecurityWeek. “Shaming has become the best possible outcome for a breached company. What if the attacker had started selling the ‘down time’ of the customers ‘protected’ by this security firm? Or even worse, what if the attacker had used the entire infrastructure at a critical time to attack additional security companies? Or even government sites?”