The Christmas Day hack attack on the website of think tank Strategic Forecasting Inc. (Stratfor) may have affected some 50,000 people and compromised some 50,277 credit card numbers, a data protection firm said.
Identity Finder said the data breach may have also compromised 44,188 hashed passwords and some 47,680 email addresses.
"The hackers/breachers have released personal information for Stratfor subscribers whose first names begin with A through M; presumably N through Z will be released in the coming days. Breachers have also claimed to copy 2.7 million emails which have yet to be released," it said.
Hacktivist groups Anonymous and AntiSec had claimed responsibility for the attack while Stratfor sought to downplay it.
Identity Finder said its analysis shows that the data posted to date by Anonymous and AntiSec contains the following personally identifiable information:
- 50,277 Unique Credit Card Numbers, of which 9,651 are not expired. Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
- 86,594 email addresses, of which 47,680 are unique.
- 27,537 phone numbers, of which 25,680 are unique.
- 44,188 encrypted passwords, of which roughly half could be easily cracked.
It also found that:
- 73.7 percent of decrypted passwords were weak.
- 21.7 percent of decrypted passwords were medium strength.
- 4.6 percent of decrypted passwords were strong.
- 10 percent of decrypted passwords were less than 5 characters long.
- Only 4.8 percent of decrypted passwords were 10+ characters long.
Also, it found 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.
“This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target,” said Identity Finder CEO Todd Feinman.
Aaron Titus, Identity Finder’s Privacy Officer, added that the number of posted passwords and the threat of password re-use are significant.
"Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail," he added. — TJD, GMA News