Stratfor Denies Anonymous Breached Confidential Client List

By CIOinsight  |  Posted 12-28-2011
Stratfor has asserted that hackers from the Anonymous collective did not steal its confidential client list, but rather a list of people who had purchased its publications.

Strategic Forecasting, an organization that focuses on international security issues, is downplaying the severity of the cyber-attack it suffered over the weekend, claiming its client list had not been stolen.

A group of hackers claiming to be part of the hacktivist collective Anonymous attacked the global intelligence think tank on Dec. 24 and stole approximately 200GB of information, such as credit card numbers and other personal information, from Stratfor's servers, according to various posts on Twitter.

The attackers originally claimed to have obtained and disclosed Stratfor's confidential client list. However, CEO George Friedman said in a statement on Facebook on Dec. 25 that the information appears to be "merely" a list of members who have purchased Stratfor's publications in the past, and that it did not necessarily mean those individuals or entities had any kind of relationship with the think tank.

Stratfor suspended its Website and warned members in an email that some names and personal information may be disclosed by the attackers on other sites. As of Dec. 27, the Website was still displaying a maintenance message.

The Stratfor attackers have published some of the stolen credit card information, which Identity Finder analyzed using its data discovery and protection software. The company identified 50,277 unique credit card numbers, of which 9,651 were active and not expired.

Identity Finder also found 44,188 passwords in the dumped dataset. Even though the passwords were encrypted, the company said roughly half could be easily cracked. Approximately 73 percent of decrypted passwords were considered weak in the analysis. Considering the prevalence of password reuse online, the threat is "significant," according to Todd Feinman, CEO of Identity Finder.

"The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as email," said Feinman.



 
