Perhaps your company has been hacked or you fear it will be.
If so, you're likely in the market for a web security firm.
But what if your web security firm is the one that was hacked?
That's a reality for Staminus Communications, a Newport Beach-based hosting and distributed denial of service (DDoS) protection company that went offline Thursday morning after what a representative described as "a rare event [that] cascaded across multiple routers in a system wide event, making our backbone unavailable."
The hackers dumped names, e-mail addresses, database table structures, routing tables and more personal information belonging to Staminus customers.
Then they added insult to injury by posting this:
TIPS WHEN RUNNING A SECURITY COMPANY
* Use one root password for all the boxes
* Expose PDU's [power distribution units in server racks] to WAN with telnet auth
* Never patch, upgrade or audit the stack
* Disregard PDO [PHP Data Objects] as inconvenient
* Hedge entire business on security theatre
* Store full credit card info in plaintext
* Write all code with wreckless abandon
The spelling error in the last one aside ... OUCH!
An analysis by Ars Technica found no credit card information from Staminus customers was dumped after the "easy breach."
That would really byte.