Newport Beach Security Company That Stymies Hackers is Stymied by Hackers

Translation: Oopsie!
Staminus Communications

Perhaps your company has been hacked or you fear it will be.
If so, you're likely in the market for a web security firm.

But what if your web security firm is the one that was hacked?

That's a reality for Staminus Communications, a Newport Beach-based hosting and distributed denial of service (DDoS) protection company that went offline Thursday morning after what a representative described as "a rare event [that] cascaded across multiple routers in a system wide event, making our backbone unavailable."

The hackers dumped names, e-mail addresses, database table structures, routing tables and other personal information of Staminus customers.

Then they added insult to injury by posting this:

TIPS WHEN RUNNING A SECURITY COMPANY
* Use one root password for all the boxes
* Expose PDU's [power distribution units in server racks] to WAN with telnet auth
* Never patch, upgrade or audit the stack
* Disregard PDO [PHP Data Objects] as inconvenient
* Hedge entire business on security theatre
* Store full credit card info in plaintext
* Write all code with wreckless abandon

The spelling error in the last one aside ... OUCH!

An analysis by Ars Technica found no credit card information from Staminus customers was dumped after the "easy breach."

That would really byte.

