Hackers Breach DDoS Protection Firm Staminus

KKK website data also stolen in the attack.

Unknown hackers have breached the servers of DDoS protection firm Staminus, stealing sensitive data from its database, and dumping it online.

Staminus is a US-based company that specializes in providing DDoS protection systems. Besides its main offering, the company also provides a service called Intreppid, which delivers dedicated virtual private servers with built-in DDoS protection features.

Hackers brought down Staminus’ entire network

The Staminus data breach happened yesterday after hackers managed to infiltrate the company’s server backbone and proceeded to reset its servers to factory settings, effectively bringing down the company’s entire network.

The hackers also stole Staminus’ database and dumped it online using the Hastebin anonymous text sharing portal.

After the company brought down its entire network yesterday at 7:30 AM PST, news about the breach made its way to Reddit, along with links to the Hastebin dump.

Before the Reddit thread revealed the data breach, Staminus posted the following comment on Twitter: “Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable.”

The company has not yet acknowledged the incident but has already started restoring service to its network.

Hackers stole credit card information

The Hastebin link contains a classic “e-zine” that details what the attackers managed to access. The hackers said they were able to steal Staminus’ main database, the database of its Intreppid service, and the database of one of Staminus’ clients, the Ku Klux Klan.

The hackers announced the breach with a dose of irony. The e-zine started with a list of tips on how to run a security company, which also hold clues to how the attackers got access to the servers, what they stole, and why their breach was so successful.

~ Use one root password for all the boxes
~ Expose PDU's to WAN with telnet auth
~ Never patch, upgrade or audit the stack
~ Disregard PDO as inconvenient
~ Hedge entire business on security theatre
~ Store full credit card info in plaintext
~ Write all code with wreckless abandon

At the end of the e-zine, the hackers posted Tor network links to all the data. Softpedia has not downloaded all the files, but the few we were able to grab, given Tor’s painfully slow speed, appear to be valid.

Staminus clients are advised to look into credit card monitoring services and to reset all their account passwords once the service is fully operational again.

Other information that appears to be in the leaked data includes customer support tickets, server log data, chat logs, and the source code of some of the company’s services.

Softpedia has contacted Staminus for comment and would also like to thank Reddit user reefine for his help.

Data dump links at the end of the e-zine [edited by Softpedia]
