Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Completely Shut Down DDoS Protection Firm Staminus (softpedia.com)

Posted by msmash on from the bad-guys-winning dept.

An anonymous reader writes: Hackers have breached DDoS protection firm Staminus, a US-based company that offers protection against a range of network security attacks including, well, DDoS. The fraudsters have also reportedly stolen sensitive data from Staminus' database and dumped it online. Apparently the company was using the same root password for all its servers, and had stored credit card details in plain text. The alleged security nightmare doesn't end there, unfortunately. Hackers managed to expose crucial services via external Telnet, and reset all of Staminus' routers to factory settings, causing a network and services downtime. Staminus acknowledged network and services issues, which apparently last for more than 20 hours, on Thursday, and later assured that its global services have been restored.

6 of 64 comments (clear)

  1. Re:credit card details in plain text? by redmid17 · · Score: 4, Funny

    Both people who use Bitcoin are very glad they weren't targeted.

  2. Protection firm? by wjcofkc · · Score: 5, Funny

    Apparently the company was using the same root password for all its servers, and had stored credit card details in plain text.

    Hackers managed to expose crucial services via external Telnet

    I would like to say mind = blown, but we see too much of this shit from so called "security companies". Anyone here want to start a real security company with me? Most of the people that will be posting in this thread are already more qualified than these "security companies" we keep reading about.

    As soon as I finish this sentence, I am changing my voicemail message to: I will be unavailable the rest of the day as I commit myself to breaking the world record on the single longest series of facepalms.

    --
    Brought to you by Carl's Junior.
  3. Not quite what you wanted to say? by SeaFox · · Score: 3, Funny

    Hackers have breached DDoS protection firm Staminus, a US-based company that offers protection against a range of network security attacks including, well, DDoS.

    Well... wouldn't it make sense that a DDoS protection firm would offer protection against DDoS?
    Unless the story here is the hackers took them down with a DDoS this sentence doesn't say as much as the author was hoping.
    So far it looks like a plain network intrusion case.

  4. Seriously? by JustAnotherOldGuy · · Score: 3, Funny

    Apparently the company was using the same root password for all its servers, and had stored credit card details in plain text.

    What a brilliant strategy- standardizing on server passwords!

    Storing credit card details in plain text is a super-duper PCI compliance no-no, however, and I'm truly amazed they had the balls to do this when they MUST have known better. This is one of the most serious violations when storing credit card data, and to have a security-industry company doing it is kind of mind-boggling.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  5. Renames Company To Stupidus. by zenlessyank · · Score: 3, Funny

    Changes root password and calls it a day.

  6. Re:Telnet by Ksevio · · Score: 4, Funny

    That's why I always run telnet over an SSH tunnel!