Following a series of highly publicized cyber attacks that occurred over the holidays, Stratfor today launched a rebuilt version of its website.
During the attacks, hackers stole and released personal information of Stratfor customers, including credit card data and hashed passwords. Attackers also managed to destroy company servers in what, Stratfor says, appeared to be an attempt to silence the company.
In response, Stratfor said it contracted Internet security firm Sec Theory to rebuild its website, email system and internal infrastructure.
One thing that was obvious based on data released by the hackers, and that Stratfor admitted to, is the fact that it didn’t encrypt credit card data stored on its servers. “We did not encrypt credit card files,” said Stratfor CEO George Friedman. “This was our failure. As the CEO of Stratfor, I take responsibility.”
Following the breach, approximately 860,000 passwords hashes were leaked, with several individuals and groups making a run to crack as many as possible. The Tech Herald was able to quickly crack 81,883 passwords, noting that 49 of them were single characters, and 51 were 15-23 characters long. Still a work in progress, many more passwords have been cracked since.
Stratfor also hired Verizon Business to conduct a forensic review of the hack and said that it was cooperating with the FBI on an investigation.
“We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. This is a new censorship that doesn’t come openly from governments but from people hiding behind masks,” Friedman said.
Stratfor said it has offloaded its e-commerce operations to a third-party, eliminating the need for Stratfor to store credit card information in house.
The company said that it will communicate with subscribers about how to obtain new, secure passwords over the next few weeks.
Stratfor originally downplayed the hack of its systems that was credited to Anonymous in support of the AntiSec movement.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
