Staminus, a global hosting and Web security firm, suffered a major blow late last week when it became the victim of a security breach. Staminus is a hosting provider and provider of cloud-based DDoS mitigation services. (Their security customers are enterprises or smaller hosting providers who, when experiencing a DDoS attack, redirect their DDoS traffic to Staminus to have it cleaned and returned.)
The hackers not only kicked the company’s entire network offline for 20 hours but also stole usernames, hashed passwords, customer record information, including name and contact details, as well as payment card data. According to a KrebsonSecurity report, the hackers even published the data online in a hacker’s e-zine, and posted a tongue-in-cheek list of “Tips When Running a Security Company,” which chastised Staminus for not following security best practices.
Shortly following the incident, Staminus CEO, Matt Mahvi issued the following statement on the Company home page:
The attack was also reported in Tripwire’s State of Security column.