DDoS Protection Firm Gets Pwned
By Beverly Linao | Mar 15, 2016 08:40 AM EDT
Staminus Communications, a California-based company that offers protection against DDoS attacks, was hacked last week.
The company provides protection against distributed denial of service (DDoS) attacks. However, last week, it went offline for at least 20 hours after it was hacked, PC Mag reported. Sensitive customer data was leaked as a result of the hack.
"Around 5 a.m. PST [March 10], a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable," Staminus posted on Twitter.
"Our technicians quickly began working to identify the problem. We understand and share your frustration," the company also tweeted. At around 6:20 p.m., the company posted another tweet saying global services were back online.
The hackers dumped private data online. According to expert Brian Krebs, the dump was in a "classic 'hacker e-zine' format," called "F**k 'em all."
The hacker group gained control over Staminus's Internet routers and reset the devices to their factory settings.
"We can now confirm the issue was a result of an unauthorized intrusion into our network. As a result of this intrusion, our systems were temporarily taken offline and customer information was exposed," Staminus CEO Matt Mahvi said in a statement published on Friday. "Upon discovering this attack, Staminus took immediate action including launching an investigation into the attack, notifying law enforcement and restoring our systems."
The leaked information included usernames, customer record information, hashed passwords, and payment card data. Thankfully, no Social Security numbers or tax IDs were leaked, as Staminus does not collect these.
"While the investigation continues, we have and will continue to put additional measures into place to harden our security to help prevent a future attack," Mahvi said.
"I fully recognize that our customers put their trust in Staminus and, while we believe that the issue has been contained, we are continuing to take the appropriate steps needed to safeguard our clients' information and enhance our data security policies," he added, encouraging all users to change their password immediately.
Krebs pointed out that "anti-DDoS providers are a common target for hackers; the sites often host customers whose content is offensive or hateful."