Anti-DDoS Host Hacked
If you were looking to Staminus Communication Inc for protection against DDoS attacks, you might want to consider looking somewhere else. The Internet hosting provider that specializes in distribute denial of service (DDoS) protection, has itself been hacked, knocking Staminus’s entire network completely offline for more than 20 hours.
While Staminus was trying to get its routers back up and online, someone posted a huge chuck of data stolen from not only Staminus, but Intreppid, a project under the Staminus umbrella that also supposedly protects costumers from DDoS attacks. Included in this information was customer credentials, credit card numbers, and support tickets among other data.
While the company’s website displays a black page pointing customers to its social media pages, Staminus is claiming its global services are back online and are working to bring other services back up, though they have not acknowledge any intrusion or data breach. Meanwhile, the hackers are claiming that not only were they able to take control over Staminus’s internet routers, they were able reset them to their factory setting because Staminus used one root password for all of them. Worse than that, the hackers claim Staminus violated payment card industry standards by storing all of their customer credit card information without encryption in plain text.
Anti-DDoS providers are a pretty common target for attacks as they typically host content for customers who specialize in content that may be considered offensive. Aside from hosting the official homepage of the Ku Klux Klan, they also host a significant number of internet relay chat (IRC) networks, which are commonly used to lay the groundwork for large DDoS attacks.