Welcome Guest. | Log In | Register | Membership Benefits
  • |   Email this page E-mail
  • |  Print Print
  • |   Bookmark and Share

Anonymous Nabs 50,000 Credit Card Numbers From Security Think Tank

Analysis of stolen data yields some 44,000 passwords; more than 9,000 credit cards are currently active

Dec 27, 2011 | 11:09 PM | 

By Tim Wilson
Dark Reading
Hacktivist group Anonymous stole more than 50,000 credit card numbers, along with a variety of other data, in its hack of private security think tank Stratfor earlier this week, according to analysis of the data.

The identity theft protection firm said it analyzed the data stolen and posted by Anonymous and has come up with the following figures:

• 50,277 unique credit card numbers, of which 9,651 are not expired.

• 86,594 email addresses, of which 47,680 are unique.

• 27,537 phone numbers, of which 25,680 are unique.

• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked.

• 73.7 percent of decrypted passwords were weak.

•10 percent of decrypted passwords were less than 5 characters long

• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world

The hackers claim to have an additional 2.7 million email messages that they have not yet released. Anonymous stated that Stratfor isn’t "the harmless company it tries to paint itself as," and that the emails will show that.

Stratfor has promised to inform the affected customers no later than Dec. 28.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Authentication Reports

report Will Smartcards Live Up to Their Name?
Recent compromises of smartcard data have exacerbated concerns about the technology?s privacy, security and standards (or lack thereof). Yet the promise of smartcards is too compelling to ignore. New technologies and applications prompt us to take a fresh look.

report Get The Best Of Biometrics
As data volume and sensitivity grow, companies cannot rely on password- and token-based authentication. Biometrics can be used to provide strong access control, but you must weigh added complexity and costs against assurance that users are who they say they are.

report Proof of Identity: How to Choose Multifactor Authentication
User names and passwords are no longer sufficient authentication. In a time when so much business depends on the Internet, security requirements and regulatory mandates are putting pressure on business to adopt strong, multifactor authentication methods. In this Tech Center report, we explain how to weigh cost vs. risk to select the Web authentication method for your high-risk applications.

Other reports from the Authentication Tech Center:

Related Content

Effective and Painless Multi-factor Authentication
When the information age was young, authentication was simple-assign the user a password. Today, user populations have expanded and users access numerous distinct systems with each system requiring credentials. That said, it is no surprise that users have reverted to tactics that invalidate the security strength of passwords. Yet, the use of passwords as the only means to certify a user's identity still remains prevalent among SMBs. There is a new, multi-factor authentication approach that strengthens identity authentication and does not introduce extra cost, user inconvenience, and administrative. This white paper describes why multi-factor authentication is rising in importance and reviews the pros and cons of different multi-factor authentication approaches.

Man-in-the-Browser Attacks Explained
Cybercriminals are using more advanced methods to target online users. One of the fastest growing threats today is the man-in-the-browser (MITB) Trojan attack - an attack designed to intercept data as it passes over a secure communication between a user and an online application. Propagation of man-in-the-browser attacks is being helped by spear phishing attacks, the popularity of social networking sites, and the increase in drive-by downloads. In the last year, there has been an exponential increase in the number of these attacks against financial institutions. This white paper introduces the MITB attack, explains the infection rate, features and functionality of the attack and provides advice on how financial institutions can mitigate the threat.

How to: Select the Best Authentication Solution for Your Business
With the number of new and emerging security products being denoted by analysts as the "silver bullet" solution, it is critical to recognize that there are many authentication choices available on the market. The Authentication Decision Tree is a comprehensive tool that helps organizations understand, evaluate and select the most appropriate authentication solution to meet the needs of their users and their business. This white paper provides an overview of the Authentication Decision Tree, examines the five factors critical to selecting an authentication solution, and offers a clear guide to selecting the right solution that effectively balances risk, cost and end user convenience.

Strong Authentication for SMBs
Small and mid-sized businesses authenticate their end-users primarily with passwords, in spite of the fact that passwords are less secure, inconvenient and more expensive then stronger forms of authentication. This white paper reveals recent research conducted by Aberdeen on the drivers, inhibitors and technology adoption trends among SMBs. Find out what authentication solutions are well-designed to address the needs of SMBs.

How to Make the Case for Strong Authentication
With today's threat landscape and the increased value placed on the information created and stored, systems that rely on static passwords for security are left vulnerable and at high risk of being breached. This paper examines the need for strong authentication and explores the return on investment in order to help organizations make an informed decision when contemplating their strategic move toward more effective security.