Staminus Communications

Staminus Communications, operating also as Staminus, was a United States-based cybersecurity firm that provided distributed denial-of-service (DDoS) protection and associated hosting services. The company positioned itself within the security sector, marketing its expertise to clients seeking resilience against network attacks. Its customer base notably included operators within the gaming industry, as well as other organizations described as controversial, indicating a diverse client portfolio served from its American headquarters. The core business model centered on mitigating DDoS threats, a critical service for online entities facing volumetric attack traffic.

The company's operational and security posture was catastrophically undermined by a breach in March 2016. Attackers compromised Staminus's own network, exploiting critical vulnerabilities that included universal root passwords, unpatched systems, and exposed management interfaces. The intruders physically reset network routers to factory defaults, causing widespread service outages for clients. Furthermore, they exfiltrated sensitive customer data such as names, email addresses, and database structures, and discovered plaintext credit card information stored improperly. Following the intrusion, the attackers publicly ridiculed the firm by publishing a sarcastic list of "tips" that highlighted these exact security failures. This incident starkly contradicted the company's market positioning as a security provider, revealing severe operational deficiencies and poor security hygiene that persisted even after partial restoration efforts, leading to prolonged service disruptions for its clients. The breach served as a public case study on the risks of a security vendor failing to secure its own infrastructure.