Breach at DDoS Protection Firm Staminus Exposes 2,300 Clients

Last week, distributed denial of service (DDoS) protection company Staminus was breached in an attack that appears to have impacted roughly 2,300 current and past customers.

The attack took place on Thursday and rendered the company’s services unusable for several hours, with the Staminus website itself being offline for days. The company took to Twitter to reveal that it was breached, and also posted an announcement to its website, revealing what type of information the intruders were able to access.

As it turns out, they were able to do significant damage, with the company saying that usernames, hashed passwords, customer record information, including name and contact information, and payment card data were exposed in the breach.

Staminus did not offer additional details on the exposed information, but the attackers posted the leaked data online, with more than 15GB of information put up on Tor. The attackers also revealed that they were able to breach the company because of poor security measures and lack of proper updates.

An analysis of the data revealed that approximately 2,300 previous and current Staminus clients were affected, including Internet hosting service providers and small, individual websites, RiskBased Security reports.

Exposed data included a billing table containing 141,403 tracks of account billing from purchases and an account table containing 4,415 users’ details (such as addresses, contact details, company details, emails, and encrypted passwords). The leak also included 2,042 full card details, as well as information related to sales, site configuration, billing tracking and other configuration values.

The attackers also managed to access data related to DDoS reporting and tickets, along with full ticket history with user details and Staminus responses, and staff details with encrypted passwords, email addresses, and Oauth credentials in the form of tokens and generated user keys. Cleartext passwords and an example connection to the Staminus API and full database connection for the Staminus system was also leaked.

Just as the attackers revealed when posting the exposed data online, some of the Staminus clients were subject to controversy, such as a website run by the Ku Klux Klan. Other similar domains, albeit old or very small, were also included in the leak.

Staminus CEO Matt Mahvi posted a message on the company’s website, informing customers that the company has launched an investigation on the breach, while also advising them to change their passwords. He also said that the issue has been contained and that the company will take the necessary steps to safeguard clients’ information.


About Author