A hacker operation founded to expose and punish governmental corruption and slimy big business tactics lived up to its word last week, releasing what it claims is a full list of clients who have patronized cyber security advisement firm Stratfor.
AntiSec, a global collaboration between Anonymous and upstart hacker group LulzSec, previously released a sliver of data one day after Christmas: 30,000 pieces of personal information for Stratfor customers, including credit card information. Days later, the hacktivists released the whole enchilada.
“It’s time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor,” read a statement posted to Pastebin.
Frustrated with the treatment of U.S. Army soldier-cum-detainee Bradley Manning and his lack of a proper “LulzXmas dinner,” the group went one step further, publishing the names and email addresses of an estimated 860,000 people who had registered at Stratfor’s website. Around 50,000 of those belong to members of the military and government officials, claimed the group.
“We almost have sympathy for those poor DHS employees and Australian billionaires who had their bank accounts looted,” AntiSec taunted.
Following the first data leak, hackers “attacked” select Stratfor members, using their credit cards to make donations to several charities.
Stratfor issued an apology to members affected by the subsequent data leak:
Stratfor regrets the latest disclosure of information obtained illegally from the company’s data systems. We want to assure our customers and friends this was not a new cyber attack but was instead a release of information obtained during the previous security breach. The latest disclosure included credit card information of paid subscribers and many email addresses of those who receive Stratfor’s free services.
In an attempt to make amends, Stratfor also offered free identity theft protection to its registered members.
“We have arranged for all Stratfor members to receive one year of free identity protection coverage from CSID, a leading provider of global identity protection,” announced Fred Burton, Stratfor vice president of intelligence. “You can feel confident in disclosing information to CSID – it’s the only identity protection company we are working with.”
Stratfor’s official site has yet to be fully restored. The company said a full relaunch will happen only after it conducts “a thorough security review.” (via Threat Post)