DDoS Protection, Security Operations

Hackers Attack DDoS Defense Hosting Firm

Credit Cards, Other Customer Data Exposed
Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.

Hackers reportedly disrupted access to the website of Staminus Communications for at least 20 hours on March 10, and by March 14, staminus.net appeared to still be inaccessible. The Klan's website also appeared to remain offline.

Staminus' homepage on March 11 initially featured a statement from CEO Mat Mahvi that acknowledged the outage but claimed that "global services, as well as most auxiliary services, are back online for our customers."

The hosting firm has also warned that attackers appear to have stolen and leaked customer data. "Based on the initial investigation, we believe that usernames, hashed passwords, customer record information, including name and contact information and payment card data were exposed," Mahvi said in the statement. "It is important to note that we do not collect Social Security numbers or tax IDs."

But as of March 14, both the website and that statement still appeared to be only intermittently accessible, if at all.

Pilfered Data Reportedly Seen Online

A huge trove of data from Staminus appeared online, in a classic "hacker e-zine" format, according to Krebsonsecurity.com, which was the first to report on the incident. The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks.

"The authors of this particular e-zine indicated that they seized control over most or all of Staminus' Internet routers and reset the devices to their factory settings," the Krebs report says. "They also accuse Staminus of 'using one root password for all the boxes,' and of storing customer credit card data in plain text, which is a violation of payment card industry standards."

Overly Optimistic

Hours after the outage, Staminus posted overly optimistic Twitter posts promising service would be restored shortly.

Staminus says it had notified law enforcement, including the FBI, once it learned its website was breached. "While the investigation continues," Mahvi says, "we have and will continue to put additional measures into place to harden our security to help prevent a future attack."

Although the exposed passwords were protected with a cryptographic hash, Mahvi urges customers to change their passwords.

Staminus says it notified its payment processor and all card brands so that they could monitor for fraudulent activity. The company advises its customers to regularly check their credit and debit card statements to see whether any fraudulent or suspicious activities occurred.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
