Stratfor left red-faced by security breach
Anonymous publishes names, credit card numbers, encrypted passwords of 75,000 customers
TechLife | 03 Jan 2012 :
Hacktivist collective Anonymous has released personal user data from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend.
The data purports to be the names and credit card numbers of people who have purchased research from Stratfor plus hundreds of thousands of user names and e-mail addresses used to register with the website.
The data, posted on Pastebin, then provided several links to websites hosting the information. They noted that some 50,000 of the e-mail addresses released end in ".mil" or ".gov."
The data comprises 75,000 names, credit card numbers and MD5 hashes, or cryptographic representations, of passwords for people who have paid Stratfor for research. The group also said the data contains 860,000 user names, e-mail addresses and MD5 hashes for passwords for anyone who has registered on Stratfor's website.
Stratfor said it would offer a free one-year subscription to an identity protection service to those affected.
Stratfor's CEO, George Friedman, wrote on the company's Facebook page that the intrusion revealed the names of some corporate subscribers along with personal and credit card data.
A first batch of data was released by hackers shortly after the breach last week. Stratfor denied the hackers' claim that data was a list of "private clients" but rather a list of members who may have purchased a publication.
Barrett Brown, a de facto spokesman for Anonymous, wrote on Pastebin that the hack wasn't aimed at stealing credit card numbers but rather 2.7 million internal e-mails.
"This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor's employees off the record over more than a decade," Brown wrote. "Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions."
A placeholder page on Stratfor's website said the company was "investigating this unfortunate event".
IDG News Service