Newport Beach Security Company That Stymies Hackers is Stymied by Hackers

Perhaps your company has been hacked or you fear it will be.
If so, you’re likely in the market for a web security firm.

But what if your web security firm is the one that was hacked?

That’s a reality for Staminus Communications, a Newport Beach-based hosting and distributed denial of service (DDoS) protection company that went offline Thursday morning after what a representative described as “a rare event [that] cascaded across multiple routers in a system wide event, making our backbone unavailable.”

The hackers did a data dump of names, e-mail addresses, database table structures, routing tables and more personal information of Staminus customers.

Then they added insult to injury by posting this:

TIPS WHEN RUNNING A SECURITY COMPANY
* Use one root password for all the boxes
* Expose PDU’s [power distribution units in server racks] to WAN with telnet auth
* Never patch, upgrade or audit the stack
* Disregard PDO [PHP Data Objects] as inconvenient
* Hedge entire business on security theatre
* Store full credit card info in plaintext
* Write all code with wreckless abandon

The spelling error in the last one aside … OUCH!

An analysis by ARS Technica found no credit card information from Staminus customers was dumped after the “easy breach.”

That would really byte.

Leave a Reply

Your email address will not be published. Required fields are marked *