Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Stratfor Re-Launches Corporate Website After Cyber Attacks

Following a series of highly publicized cyber attacks that occurred over the holidays, Stratfor today launched a rebuilt version of its website.

During the attacks, hackers stole and released personal information of Stratfor customers, including credit card data and hashed passwords. Attackers also managed to destroy company servers in what, Stratfor says, appeared to be an attempt to silence the company.

Following a series of highly publicized cyber attacks that occurred over the holidays, Stratfor today launched a rebuilt version of its website.

During the attacks, hackers stole and released personal information of Stratfor customers, including credit card data and hashed passwords. Attackers also managed to destroy company servers in what, Stratfor says, appeared to be an attempt to silence the company.

In response, Stratfor said it contracted Internet security firm Sec Theory to rebuild its website, email system and internal infrastructure.

One thing that was obvious based on data released by the hackers, and that Stratfor admitted to, is the fact that it didn’t encrypt credit card data stored on its servers. “We did not encrypt credit card files,” said Stratfor CEO George Friedman. “This was our failure. As the CEO of Stratfor, I take responsibility.”

Following the breach, approximately 860,000 passwords hashes were leaked, with several individuals and groups making a run to crack as many as possible. The Tech Herald was able to quickly crack 81,883 passwords, noting that 49 of them were single characters, and 51 were 15-23 characters long. Still a work in progress, many more passwords have been cracked since.

Stratfor also hired Verizon Business to conduct a forensic review of the hack and said that it was cooperating with the FBI on an investigation.

“We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. This is a new censorship that doesn’t come openly from governments but from people hiding behind masks,” Friedman said.

Stratfor said it has offloaded its e-commerce operations to a third-party, eliminating the need for Stratfor to store credit card information in house.

The company said that it will communicate with subscribers about how to obtain new, secure passwords over the next few weeks.

Stratfor originally downplayed the hack of its systems that was credited to Anonymous in support of the AntiSec movement. 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.