Hackers steal data from anti-ddos service provider Staminus

The American company Staminus has been the victim of an internet attack, in which customer data was stolen and as a result of which the services of the company were not available for some time. Among the data are usernames and hashed passwords.

According to Staminus CEO Matt Mahvi, an investigation is now underway into the exact course of events in the attack. He confirms that an intruder had gained unauthorized access to the Staminus network. He adds that in addition to customer usernames and passwords, contact information and payment details have also been stolen.

This data was available on the Internet just hours after the Staminus services went down, reports security researcher Brian Krebs. The attackers had added a message to the data entitled “tips for running a security company.” One of the tips was that it is wise to use a single root password for all machines. The advice is clearly sarcastic.

It is also mentioned that credit card data should best be stored in plain text. However, Ars Technica indicates that it has not found such payment details in the leaked data. Krebs notes that it is not uncommon for anti-ddos service providers to be the target of attacks, because they often have unloved customers. Staminus also has such customers, he says, including the Ku Klux Klan.

The security company Staminus is based in California and offers hosting services in addition to ddos ​​protection. The company’s website is not yet available at the time of writing.

The message from the hackers