DDoS Protection Firm Gets Pwned

Staminus Communications, a California-based company that offers protection against DDoS attacks, was the victim of a hacking last week.

The company provides protection against distributed denial of service (DDoS) attack. However, last week, it went offline for at least 20 hours after it was hacked, PC Mag reported. Sensitive customer data leaked as a result of the hacking.

"Around 5 a.m. PST [March 10], a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable," Staminus posted on Twitter.

"Our technicians quickly began working to identify the problem. We understand and share your frustration," the company also tweeted. At around 6:20 p.m., the company again posted a tweet saying global services was back online.

The hackers dumped private data online. According to expert Brian Krebs, it is called a "classic 'hacker e-zine' format," called "F**k 'em all."

In other words, the hacker group gained control over Staminus's Internet routers, resetting the devices to their factory settings.

"We can now confirm the issue was a result of an unauthorized intrusion into our network. As a result of this intrusion, our systems were temporarily taken offline and customer information was exposed," Staminus CEO Matt Mahvi said in a statement published on Friday. "Upon discovering this attack, Staminus took immediate action including launching an investigation into the attack, notifying law enforcement and restoring our systems."

Among the leaked information included usernames, customer record information, hashed passwords, and payment card data. Thankgully, there were no social security number of tax IDs leaked as Staminus does not collect these.

"While the investigation continues, we have and will continue to put additional measures into place to harden our security to help prevent a future attack," Mahvi said.

"I fully recognize that our customers put their trust in Staminus and, while we believe that the issue has been contained, we are continuing to take the appropriate steps needed to safeguard our clients' information and enhance our data security policies," he added, encouraging all users to change their password immediately.

Krebs pointed out that "anti-DDoS providers are a common target for hackers; the sites often host customers whose content is offensive or hateful." 

Real Time Analytics