Cyber Incident Victim: Staminus Communications

Date:

Mar 2016

Location:

United States of America

Summary

A cybersecurity firm specializing in DDoS protection and hosting services experienced a significant breach when attackers compromised its network, resetting routers to factory defaults and causing widespread system outages. The intruders exfiltrated customer data—including names, email addresses, and database structures—and publicly mocked the company's security failures via a sarcastic list of "tips" highlighting critical vulnerabilities such as universal root passwords, unpatched systems, exposed power management interfaces, and improper storage of plaintext credit card information. Affected clients included gaming operators and controversial organizations, with service disruptions persisting despite partial restoration efforts. The incident underscored severe operational deficiencies in a business marketing itself as a security provider.

CIA Posture:

Available to members

Motives:

2 motives

Tactics, Techniques & Procedures:

3 techniques

Threat Actors:

0 actors

Type:

Available to members

Location:

Available to members

Description

On March 10, 2016, Staminus Communications, a Newport Beach-based hosting and DDoS protection provider, experienced a severe network breach that caused a system-wide outage starting at 8:00 AM Eastern Time. Attackers infiltrated the company's infrastructure, gaining control over routers and resetting them to factory settings, which triggered a cascading failure across multiple systems. The intrusion resulted in extended downtime for Staminus' backbone services, including servers and network equipment. During the breach, hackers extracted sensitive data, including customer names, email addresses, database table structures, and routing tables, subsequently publishing this information in a formatted "e-zine" dump. The attackers included a sarcastic list titled "TIPS WHEN RUNNING A SECURITY COMPANY," highlighting critical security failures such as using a single root password for all systems, exposing power distribution units (PDUs) to the public internet with telnet authentication, failing to patch or audit systems, storing credit card data in plaintext (a violation of PCI standards), and employing poor coding practices. While the published dump did not display actual credit card information, the attackers explicitly cited unencrypted storage as one of Staminus' vulnerabilities.

The breach exposed data from diverse clients, including small gaming companies, Minecraft server operators, hosting firms, and notably, the official website of the Ku Klux Klan alongside affiliated sites under the same account. Customers reported renewed service interruptions after Staminus announced partial restorations via Twitter, where the company initially described the outage as a "rare event" without acknowledging the breach. As news of the hack spread, the Twitter thread became dominated by customer complaints about recurring downtime and lack of communication. Staminus representatives were unavailable for comment when contacted by media, and the company's Twitter account ceased updates following its restoration notice. The incident underscored operational disruptions, reputational damage from hosting controversial groups, and potential regulatory consequences due to PCI non-compliance allegations, leaving customers in a state of unresolved frustration as services remained unstable.

Sources

2 sources (available to members)