Over 4,400 customer details, 2,042 credit card details taken

Mar 15, 2016 11:00 GMT

An analysis of the leaked files reveals the true extent of the devastating Staminus data breach that took place last week after an unknown hacker had managed to access the company's network, shut down some of its infrastructure, and then steal most of its data, dumping it online.

The breach took place between March 10 and 11. Because the hacker hosted the dump on Tor hidden services, which are notoriously slow to download from, it took some time before security researchers could retrieve all 30 GB of leaked data and examine it in depth.

An analysis of all the Staminus data was carried out by researchers from Risk Based Security (RBS), a cyber-intelligence firm from Richmond, Virginia, USA.

Confirmed: credit card details were stored in cleartext

According to their investigation, the hacker made off with a considerable amount of information, and the leaked files validate the hacker's initial claim that credit card details were stored in cleartext.

According to the analysts, the leaked data contained the personal information of 4,415 of the company's customers: full addresses, contact details, company details, email addresses, and encrypted passwords. For 2,042 of these customers, the Staminus database also held full credit card details.

RBS researchers also uncovered 141,403 account billing records covering purchases Staminus clients had made since the company began operating.

Source code of Staminus apps and services included in the leak

Beyond the financial details, the researchers also found the source code of most of the company's applications (svn.tar.gz, 229 MB, 4,172 files, 376 folders) and a full configuration file for the company's OpenVPN client.

The leaked files also include details about Staminus sales, site configuration, billing tracking, DDoS reporting, and the full support ticket history, which in turn contains user details, ticket content, and Staminus's responses.

The researchers also found Staminus server configuration data, along with information on its staff members, such as encrypted passwords, email addresses, and OAuth credentials in the form of tokens and generated user keys.

RBS also came across certificates used by Staminus for some of its services, along with site configurations for various internal and public-facing services; if the corresponding private keys were part of the dump, those certificates would need to be revoked and reissued. The full inventory is below, together with a list of KKK sites (Staminus clients) that the hacker took special care to include in the leak. All of this was possible because, as the hacker claimed, Staminus used the same root password on most of its servers.

Site Configurations:
    api.staminus.net
    clients.staminus.net
    gb.staminus.net
    mrtg.staminus.net
    portal.staminus.net
    saml.staminus.net
    manage.gobig.co
    staff.gobig.co
    img.stamin.us
    sarasafari.com
    sw.digitalrogues.com
    vhost.staminus.net
    viawest.staminus.net
    www.staminus.net
    www.techblogs.us
    www.vrazo.com
    www2.staminus.net
Certificates:
    gobig.co_wildcard_02-15-13
    img.stamin.us_02_12_14_1yr
    staminus_ev_03-12-13_2yr
    staminus_wildcard_05-16-10_2yr
    staminus_wildcard_12-09-10_2yr
    staminus_wildcard_12-09-14_2yr
Clients:
    whiterightsparty.com
    whiteprideparty.com
    saveouramericanheritage.com
    kkk.biz
    nationalwhitepridealliance.com
    kukluxklan.tv
    americankkk.com
    Harrisonarkansaswebsites.com
    kkk.com
    americanheritagecommittee.com