On Christmas Day the target was security think tank Strategic Forecasting, or Stratfor. This time it was SpecialForces.com, a Web site that sells military gear.
"Continuing the week long celebration of wreaking utter havoc on global financial systems, militaries, and governments, we are announcing our next target: the online piggie supply store SpecialForces.com," the group wrote in a Pastebin posting today.
The hackers said they breached the SpecialForces.com site months ago, but only just got around to posting the customer data. Even though the site's data was encrypted, they claim to have 14,000 passwords and details for 8,000 credit cards belonging to Special Forces Gear customers.
Special Forces Gear founder Dave Thomas confirmed that his company's Web servers were compromised by Anonymous in late August, resulting in a security breach that allowed the hackers to obtain customer usernames, passwords, and possibly encrypted credit card information in some cases. "We have no evidence of any further security breaches, and we believe that the recent Stratfor incident is being used to bring this old news back into the spotlight," he noted.
Thomas added that the compromised passwords were from a backup of a previous version of the Web site that is more than a year old. "Most of the credit card numbers are expired, and we don't have evidence of any credit card misuse at this time," he wrote. "The current Web site does not store customer passwords or credit card information."
After the security breach, "we completely rebuilt our Web site and hired third-party consultants to help us shore up Web site security," he said, adding that the vast majority of the sites' sales are custom t-shirts and related gifts, and that the company donates a portion of its profits to charity.
Identity Finder, a New York-based data loss and identity theft prevention service, determined that files posted to date by Anonymous and its AntiSec offshoot related to this breach include 7,277 unique credit card numbers; 68,830 e-mail addresses (of which 40,854 are unique); and 36,368 plain-text usernames and passwords, some of which might be duplicates.
In the statement issued today, the hackers also took another shot at Stratfor for its alleged confusion over whether its data had been encrypted or not.
Specialforces.com |
The hackers said they breached the SpecialForces.com site months ago, but only just got around to posting the customer data. Even though the site's data was encrypted, they claim to have 14,000 passwords and details for 8,000 credit cards belonging to Special Forces Gear customers.
Special Forces Gear founder Dave Thomas confirmed that his company's Web servers were compromised by Anonymous in late August, resulting in a security breach that allowed the hackers to obtain customer usernames, passwords, and possibly encrypted credit card information in some cases. "We have no evidence of any further security breaches, and we believe that the recent Stratfor incident is being used to bring this old news back into the spotlight," he noted.
Thomas added that the compromised passwords were from a backup of a previous version of the Web site that is more than a year old. "Most of the credit card numbers are expired, and we don't have evidence of any credit card misuse at this time," he wrote. "The current Web site does not store customer passwords or credit card information."
After the security breach, "we completely rebuilt our Web site and hired third-party consultants to help us shore up Web site security," he said, adding that the vast majority of the sites' sales are custom t-shirts and related gifts, and that the company donates a portion of its profits to charity.
Identity Finder, a New York-based data loss and identity theft prevention service, determined that files posted to date by Anonymous and its AntiSec offshoot related to this breach include 7,277 unique credit card numbers; 68,830 e-mail addresses (of which 40,854 are unique); and 36,368 plain-text usernames and passwords, some of which might be duplicates.
In the statement issued today, the hackers also took another shot at Stratfor for its alleged confusion over whether its data had been encrypted or not.