1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Compromised data goes public as Staminus recovers from attack

Discussion in 'CSO' started by RSS, Mar 14, 2016.

  1. RSS

    RSS New Member Member

    Over the weekend, nearly 50GBs of compromised data was published to the Web after an attacker completely compromised Staminus, a security firm focused on DDoS mitigations.

    The Staminus breach impacts websites from a wide spectrum, such as domains in the Minecraft community, to hate websites maintained by the Ku-Klux-Klan (KKK).

    On Friday, the person(s) responsible for the Staminus attack (a group known as FTA) posted a lengthy message detailing the company's ransacking, mocking their security posture and practices.

    The message itself served as proof positive of the attack, complete with configuration files, network routing outlines, and database schemas. In addition, the post listed examples of poorly maintained customer passwords (MD5 with what appears to be a five character salt) and the use of a single root password across multiple critical systems (St4m|nu5).

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page