Hackers break into security company Staminus and steal data
15 Mar 2016
Companies that focus on protecting against hack attacks are finding themselves becoming bigger targets for hackers.
Anti-distributed denial of service (DDoS) software seller, Staminus, which offers an online hosting service focused on protecting against distributed denial of service attacks, found itself targeted last week.
Staminus went offline until Thursday night and had confirmed that the intruders took customer data that including payment card info, user names and (thankfully hashed) passwords. The perpetrators claimed to have attacked and reset the majority of Staminus' routers.
Though it was not clear whose handiwork it was and why the company had been targeted, according to commentators, it might be the result of political activism or aimed at embarrassing Staminus over its lax security. Staminus apparently made some elementary mistakes like storing card info in plain text and using the same password for all its routers. However, there was some consolation for users, by way of Staminus toughening up its security.
According to commentators, it was not out of the ordinary for anti-DDoS sites to end up as fodder for hackers, as they often hosted unsavory clients. According to Forbes, the data dump also included data from the Ku Klux Klan's KKK.com and ''related sites'' which, again, was not uncommon.
The company acknowledged, without specifying a data breach that there was a problem, in a message posted to Twitter on Thursday morning, ''Around 5 am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable.''
However, on Friday, the company confirmed it had been hacked and in a statement CEO Matt Mahvi said, ''To follow up on our communication from yesterday evening regarding the system outage, we can now confirm the issue was a result of an unauthorized intrusion into our network. As a result of this intrusion, our systems were temporarily taken offline and customer information was exposed. Upon discovering this attack, Staminus took immediate action including launching an investigation into the attack, notifying law enforcement and restoring our systems.''
