Anti-DDoS firm Staminus hacked, private data posted online

The anti-DDoS firm Staminus claims to provide total protection from cyber attacks — However, they couldn’t protect themselves from such attacks

Anti-DDoS firm, Staminus Communications Inc., a California-based Internet hosting provider that specializes in providing protection for customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. The company’s entire network was apparently down for more than 20 hours until Thursday evening, as customers showed their anger on social media networks Facebook and Twitter.

Someone posted online download links which appear to show data from Staminus, showing customer credentials, support tickets, credit card number and other sensitive data. This shows that the breach must have been something because people’s privacy is at stake here.

Staminus, which is based in Newport Beach, California, acknowledged the issue on its social media pages since they could not convey the message on their website as it was down and unavailable for most of the Thursday. Shows how severe the attack was if the owner themselves cannot get into the website.

Their statement read:

“Around 5 am PST today, a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable. Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for the full recovery.”

However their services are now functional and are back online and their ancillary services are also in the process of being brought online. Their website page though still shows a dark page, with a link referring visitors to Staminus social media pages so that people can try and understand what is happening and they can understand what Staminus is trying to do to fix the issue.

A Huge trove of data appeared on social media networks, in a case people are assuming that it is from the data that was stolen from Staminus. The links posted online lead to download databases that show data stolen from Staminus and one of its branches, Intreppid, which also targets customers looking for protection against large DDoS attacks.

The people who posted the data links say that they gained control of Staminus Internet routers and reset the devices to their factory settings. They also accused Staminus of being careless and “using one root password for all the boxes”, and being reckless enough to store customer credit card data in plain text. This is a violation of payment card industry standards.

Staminus, however, has not given any further details besides their posts on the social media networks about the outage. It also has not acknowledged any intrusion into their systems. Several people claiming to be Staminus customers said they had seen their own personal data in the trove of data that had been leaked online. This is a deep blow if a security company is being hacked. What hope do we have? We can only pray they manage to fix any loopholes in their systems.