Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday.
Staminus Communications – a California-based hosting and DDoS (Distributed Denial of Service) protection company – is recovering a massive data breach after hackers broke down into its servers and leaked personal and sensitive details of its customers.
Though the company acknowledged that there was a problem in a message posted to Twitter on Thursday morning, it did not specify a data breach. Staminus's website went offline at 8 am Eastern Time on Thursday, and on Friday afternoon, a representative said in a Twitter post that "a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable." What type of information? The dump of information on Staminus' systems includes:
The data was posted on the Internet Friday morning, and some Staminus customers who wish to remain anonymous confirmed that their data was part of the leaked data dump. However, the company says it does not store or collect its customers' Social Security numbers (SSNs) or tax IDs, so they are safe from the data breach.
The Staminus data breach occurred after hackers infiltrated the company's server backbone, seized control of Staminus' routers and then reset them to factory settings, which effectively brought down the company's entire network. The hackers also stole the company's database and dumped it online. Links to downloads of the internal Staminus data were published in a file sarcastically headlined, "TIPS WHEN RUNNING A SECURITY COMPANY," detailing the security holes (given below) found during the data breach:
How many customers affected?
Although the total number of victims has not been known yet, the data breach included at least 15 gigabytes worth of data belonging to Staminus. Security researcher Nathan Malcolm from Sinthetic Labs told the publication that he analysed the data dump and found unencrypted credit card numbers, expiry dates and CVVs for as many as 1,971 Staminus customers.
What was the motive for the breach?
Potential motives for hacking Staminus are quite easy to figure out. Staminus' clients include the white supremacist group Ku Klux Klan (www.kkk.com). The company also hosts several IRC (Internet Relay Chat) channels for large-scale DDoS attack services, Krebs noted.
What was the company's response?
Staminus CEO Matt Mahvi published the following statement on the Staminus website (which again went offline), confirming the data breach.
Staminus' website came back online and believed to be wiped clean, but at the time of writing the website is still unavailable.
What victims should do?
Staminus customers are recommended to review their credit card statements carefully and to report any unauthorized bank transactions. Meanwhile, Staminus has also advised its customers to reset all their account passwords once the service is fully operational once again.