Anonymous Dumps CSLEA and NY Law Enforcement Email, DB

by Aaron Titus, Esq., Privacy Officer 1. January 2012 19:03

Hackers identifying themselves with the Anonymous collective and AntiSec movement have posted several gigabytes of information online that appears to be internal emails and databases belonging to the California Statewide Law Enforcement Association (CSLEA) and New York law enforcement. We have not yet verified the data's contents, but the CSLEA website is currently down. If this breach turns out to be legitimate (and so far we have no reason to believe otherwise), it would constitute the most substantial hack against law enforcement in recent months.

Update: Identity Finder Releases New Analysis of Stratfor/Anonymous Breach; Warns Victims to Beware of Phishing and Change Passwords

by Aaron Titus, Esq., Privacy Officer 30. December 2011 10:11

UPDATE: Data Breach Now Affects More than ¾ Million people: 859,311 Email Addresses, 68,063 Credit Card Numbers, 50,618 Addresses, and 50,569 Phone Numbers

New York, NY – December 30, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted on December 29 by the hacking group Anonymous as part of the AntiSec movement and "LulzXmas" operation. Late Thursday night the group distributed more than 200 MB of Stratfor user data on multiple public mirror websites. This latest dump claims to contain "75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor... [and] ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site."

Identity Finder analyzed the most recently released files, which include information previously released by Anonymous. Based upon Identity Finder's analysis, the files contain the following personally identifiable information:

  • 68,063 Unique Credit Card Numbers, of which approximately 36,000 have not yet expired. Note: Credit cards with past expiration dates might still be valid, if they have since been renewed.
  • 859,311 Unique Email addresses.
  • 50,569 Phone Numbers.
  • 860,160 Hashed Passwords, of which roughly 11.8% could be easily cracked.
  • Average password length: 7.2 Characters.
  • 50,618 of the addresses belonged to United States victims; the remainder belonged to individuals from other parts of the world.

Identity Finder estimates that of the 860,000 people affected, about 7.9% have had a credit card exposed, while 11.8% could theoretically have a compromised password.

"Identity Finder cautions anyone affected by this breach to be on the lookout for 'phishing' emails," said Identity Finder's CEO, Todd Feinman. "Phishing is where an identity thief or fraudster sends an email that appears to be from Stratfor, but actually tricks them into visiting a malicious website that looks identical to Stratfor's site. We recommend that you do not click on any email links purporting to regard this breach."

Aaron Titus, Identity Finder’s Privacy Officer, added, "Never give sensitive personal information online, unless you initiate the contact, and unless it is to a trusted party, over a secure (https) connection. Double-check the URL to make sure you recognize the domain before sharing login or personal information. If you use the same username/password combination at other sites (such as Gmail, Facebook, or an online banking site), we recommend you change those passwords immediately."

The breachers claim to be preparing to release 2.7 million internal Stratfor emails to the Internet soon, and threatened to attack "multiple law enforcement targets from coast to coast" on New Year's Eve.

About

Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free

More Stratfor Accounts Reportedly Leaked

by Aaron Titus, Esq., Privacy Officer 29. December 2011 23:53

Update 12/30 12:18AM: At this point we can confirm that breachers have posted files online that appear to contain in excess of 860,000 accounts, and far fewer credit card numbers; however, we have not yet checked the file for duplicates.

As a part of "LulzXmas," breachers are reporting that 860,000 Stratfor accounts have been leaked, including "75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor."  Identity Finder is in the process of analyzing the data and will issue a formal report as soon as possible.

We still have not seen the 2.7 million emails breachers claim to have.

Identity Finder Releases Detailed Analysis of Personal Information from ‘Anonymous’ Attack on specialforces.com

by Aaron Titus, Esq., Privacy Officer 28. December 2011 12:33

Breacher Data Dump Affects 40,000 people; 7,277 Credit Card Numbers, 36,368 Passwords, and 40,854 Email addresses.

New York, NY – December 28, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by data breachers who are part of the hacking group Anonymous, after an apparently successful attack on the military and law enforcement gear distributor, Specialforces.com. According to their website, "Special Forces Gear offers a great selection of Military, Special Operations and Law Enforcement gear along with a unique T Shirt and gifts line catering to large and small units designed to help boost morale."

According to the breachers, "SpecialForces.com DID store their customers’ credit card information using blowfish encryption... Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier’s server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers’ cards. That’s how we roll." Identity Finder contacted Special Forces to make them aware of the most recent breach, as well as a similar breach earlier this month. Special Forces staff also reported a breach approximately six months ago.

In the most recent data loss, the breachers have released personal information for specialforces.com users. Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:

  • 7,277 Unique Credit Card Numbers
  • 68,830 Email addresses, of which 40,854 are unique.
  • 36,368 Plain-text usernames and passwords, some of which might be duplicates. The breachers claim to have "approximately 14,000 passwords."
    • 61.5% were weak
    • 31.2% were medium strength
    • 7.3% were strong
    • Average password length: 7.9 Characters.
    • 9% of passwords were less than 6 characters long.
    • 8.2% of passwords were more than 10 characters long.

"Given the proximity to other recent high-profile breaches, specialforces.com customers face increased risk of identity and credit card fraud," said Identity Finder's CEO, Todd Feinman. "Identity Finder is committed to helping companies prevent breaches like this from happening in the future. This is the latest data leak by 'breachers' who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target."

Aaron Titus, Identity Finder’s Privacy Officer, added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.

Specialforces.com Breach Analysis

by Aaron Titus, Esq., Privacy Officer 28. December 2011 09:27

Update: December 28, 2011 12:00PM Eastern

We'll be issuing a complete analysis soon, but it appears that the breach affects approximately 40,000 people, including roughly 7,000 credit card numbers. We've notified specialforces.com.

Original Post:

Last night Identity Finder became aware of a breach of Specialforces.com, purportedly including names, email addresses, passwords and credit card numbers. This follows a breach of a similar nature on the same website earlier this month. Identity Finder contacted Specialforces.com on December 14th and again today to alert them to the breaches.

We are performing a detailed analysis of the breached information, but so far it appears that the breachers have posted thousands of credit card numbers, email addresses, and passwords. We will post more information here as it becomes available.

Identity Finder Releases Detailed Analysis of Personal Information from ‘Anonymous’ Attack on Stratfor

by Aaron Titus, Esq., Privacy Officer 27. December 2011 14:37

UPDATED ANALYSIS: Stratfor Breach Affects 860,000 (Dec. 30, 2011)

Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.

New York, NY – December 27, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by the hacking group Anonymous as part of the AntiSec movement, after an apparently successful attack on the intelligence company Stratfor. The hackers/breachers have released personal information for Stratfor subscribers whose first names begin with A through M; presumably N through Z will be released in the coming days. Breachers have also claimed to have copied 2.7 million emails, which have yet to be released. Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:

  • 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
  • 86,594 Email addresses, of which 47,680 are unique.
  • 27,537 Phone Numbers, of which 25,680 are unique.
  • 44,188 Hashed Passwords, of which roughly 50% could be easily cracked.
    • 73.7% of cracked passwords were weak
    • 21.7% of cracked passwords were medium strength
    • 4.6% of cracked passwords were strong
    • Average cracked password length: 7.1 Characters.
    • 10% of cracked passwords were less than 5 characters long.
    • Only 4.8% of cracked passwords were 10+ characters long.
    • Presumably the remaining uncracked passwords were stronger than the cracked subset.
  • 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.

"Credit card fraud has already been well-documented in this incident," said Identity Finder's CEO, Todd Feinman. “This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target.”

Aaron Titus, Identity Finder’s Privacy Officer, added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.

Stratfor Analysis

by Aaron Titus, Esq., Privacy Officer 26. December 2011 16:05

Update: December 27, 2011 8:00AM Eastern

We continue to monitor the Stratfor breach. At this point, hackers claim to have released names beginning with A-M, or roughly 50,000 records, with more likely on the way. We have analyzed the data released so far and have these updated numbers to report:

  • Unique Credit Card Numbers: 50,277
  • Unique Email Addresses: 47,680
  • Unique Telephone Numbers: 25,680

The hackers claim to have 2.7 million internal Stratfor emails, which Identity Finder will also analyze for sensitive personal information, if released.

Original Post

Identity Finder has been monitoring the Stratfor breach very carefully over the past 24 hours, and will continue to do so until the Anonymous hackers have released all of the stratfor.com information.  Identity Finder has analyzed approximately 20,000 records, and here's what we can confirm so far:

  • Unique Credit Card Numbers: 21,605
  • Unique Phone Numbers: 7,568
  • Unique Email Addresses: 20,198

We expect these numbers to increase substantially in the coming hours and days.

Based upon a random sampling of 1% of the password hashes, we discovered that 59.3% of them were easily cracked using free, public tools.

Stratfor could have prevented this breach in numerous ways. One way they could have prevented the breach was to run Identity Finder against their databases to discover unencrypted credit card data, and protect the information.
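The kind of discovery scan described above can be sketched as follows. This is an added example, not Identity Finder's product or method: it searches an organization's own exported rows for cleartext card numbers, validates candidates with the Luhn checksum, de-duplicates them, and reports only masked values. The function names and the sample rows are constructed for illustration; the card numbers are publicly documented test numbers.

```python
import re
from datetime import date

# Candidate PAN: 13-19 digits, optionally grouped with single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Expiry written as MM/YY somewhere in the same row (assumed layout).
EXPIRY = re.compile(r"\b(0[1-9]|1[0-2])/(\d{2})\b")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep first six and last four digits, as is usual for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(rows, today):
    """Return {pan: finding}; keys are sensitive, log only the masked field."""
    findings = {}
    for lineno, row in enumerate(rows, 1):
        exp = EXPIRY.search(row)
        live = None  # unknown unless the row carries an expiry
        if exp:
            # A card is usable through the end of its expiry month.
            live = (2000 + int(exp.group(2)), int(exp.group(1))) >= (today.year, today.month)
        for m in CANDIDATE.finditer(row):
            pan = re.sub(r"[ -]", "", m.group())
            if not luhn_ok(pan):
                continue  # random digit runs rarely pass the checksum
            hit = findings.setdefault(
                pan, {"masked": mask(pan), "lines": [], "unexpired": None})
            hit["lines"].append(lineno)
            if live is not None:
                hit["unexpired"] = bool(hit["unexpired"]) or live
    return findings

# Constructed sample export; not data from any breach.
ROWS = [
    "1001,alice@example.test,4111 1111 1111 1111,12/14",
    "1002,bob@example.test,5555-5555-5555-4444,03/10",
    "1003,carol@example.test,4111111111111111,12/14",
    "1004,dave@example.test,1234567890123456,01/15",
    "1005,erin@example.test,378282246310005,",
    "1006,frank@example.test,order ref 20111227-0001,",
]

if __name__ == "__main__":
    for hit in scan(ROWS, date(2011, 12, 30)).values():
        print(hit["masked"], "rows", hit["lines"], "unexpired:", hit["unexpired"])
```

Any hit in a column that is supposed to hold encrypted or tokenized data is a finding to remediate before an attacker reaches it.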

Identity Finder Releases Detailed Analysis of Personal Information from Hacker Attack Claiming to Target Facebook

by Aaron Titus, Esq., Privacy Officer 18. October 2011 14:00

Hacker Group Claims 10,000 Facebook Accounts Hacked and Posted Online

New York, NY – October 18, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by a hacker after an attack apparently involving 9,931 Facebook accounts. Identity Finder is unable to verify the source of the account usernames and email addresses, of which approximately half included passwords. However, the Nepalese hackers who identify themselves as "Team SwaStika" claim that they stole the information from Facebook.

The data breach occurred on October 16th on a popular website used primarily by programmers to share programming code with others. Identity Finder notified Facebook immediately after discovering the breach. Facebook has not yet responded to Identity Finder.

Based upon Identity Finder's analysis, the information posted by the hacker contains the following:

  • 9,931 Accounts
  • 4,869 Unique Email Addresses
  • 5,049 Usernames
  • 5,340 Passwords

Identity Finder analyzed the strength of the breached passwords, and discovered that an alarming 68% of the passwords were "Weak." A weak password may be too short, contain dictionary words, or may not contain special characters, numbers, or alternating punctuation.

  • 68% of the Passwords are Weak
  • Only 5.4% of the Passwords are Strong
  • Average Password Length is 9.2 characters (See Chart, below)
  • 4.9% of the passwords were less than 6 characters long
  • 13.5% of the passwords were more than 12 characters long

The biggest threat of this breach is the number of passwords posted and how that can lead to further identity theft. Identity Finder's CEO, Todd Feinman said, "Passwords are a digital identity and password reuse is a serious problem that could lead to identity fraud. If real, these accounts can not only be used to access the personal information stored on Facebook (such as full date of birth), but also as potential logins for other websites. The victims will have no way to know when an identity thief is trying their username and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."

The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual. Some users will create site-specific passwords by adding characters related to the website. While this may not significantly increase security in all cases, it can reduce the risk of password reuse.

About

Identity Finder's technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free

Privacy: Permission vs. Negotiation

by Aaron Titus, Esq., Privacy Officer 27. September 2011 09:43

In her op-ed, "The Net As A Human Right; Claiming Our 'Identity Property'," location-based startup founder Anne Bezancon argues that privacy legislation like the Location Privacy Protection Act of 2011, introduced by Sens. Al Franken and Richard Blumenthal, is good for business and individuals. She argues that mobile technology is distinct from the Web, because mobile technology is an extension of the self, and thus subject to a greater risk of abuse. Early rules will provide clarity and encourage people to barter their "Identity Property" for services. (Forbes) (9/13)

California Police Now Need Warrant to Search Cell Phones

by Aaron Titus, Esq., Privacy Officer 26. September 2011 09:42

The California State Assembly last month unanimously approved a bill that would force police to get a warrant before searching cell phones. "This will not interfere with the legitimate needs of police," said Assemblyman Steve Knight. Cell phones, once passive pieces of equipment with no storage capacity, can now easily store gigabytes of sensitive personal information. (San Francisco Chronicle) (8/23)

Identity Finder

Leader in security and privacy -- helping businesses prevent data leakage and consumers prevent identity theft.