Updated Staminus Communications – a US web hosting biz that specializes in protecting sites from distributed denial-of-service attacks – is recovering after hackers ransacked its servers and leaked customer credit card numbers.
Its systems fell over for about 20 hours up until the early hours of Friday morning, UK time, or late at night on Thursday at its home base in California. The firm initially blamed the brown-out on "a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable."
However, it has since emerged that Staminus was thoroughly hacked and torn down from the inside. Customer records, including credit card numbers, were swiped and leaked online: links to downloads of the internal company data were published in a file headlined, "Tips when running a security company."
In a statement on Friday, Staminus CEO Matt Mahvi said:
We can now confirm the issue was a result of an unauthorized intrusion into our network. As a result of this intrusion, our systems were temporarily taken offline and customer information was exposed. Upon discovering this attack, Staminus took immediate action including launching an investigation into the attack, notifying law enforcement and restoring our systems.
Based on the initial investigation, we believe that usernames, hashed passwords, customer record information, including name and contact information, and payment card data were exposed. It is important to note that we do not collect Social Security numbers or tax IDs.
While the investigation continues, we have and will continue to put additional measures into place to harden our security to help prevent a future attack. While the exposed passwords were protected with a cryptographic hash, we also strongly recommend that customers change their Staminus password.
The miscreants who hacked Staminus and leaked the company's insides over the web said they seized control of the firm's routers and reset the devices to their factory settings. They also claimed the hosting firm used the same root password on all of its boxes – which would make compromising the whole business a walk in the park – and that Staminus stored customer credit card data in plain text.
Finally, Staminus' website looks as though it has been wiped clean.
Potential motives for attacking Staminus are easy to speculate upon. Its clients include kkk.com, the official home page of the Ku Klux Klan. Staminus also hosts IRC channels for DDoS-launching riffraff, Krebs added. Such communication forums are a tempting potential target for rival DDoS gangs, suppliers of booter services, and sundry hacktivists. ®
This article was updated after publication to include the CEO's statement.