27. December 2011 14:37
Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.
New York, NY – December 27, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by hacking group, Anonymous as a part of the AntiSec movement, after an apparently successful attack on the Intelligence company Stratfor. The hackers/breachers have released personal information for Stratfor subscribers whose first names begin with A through M; presumably N through Z will be released in the coming days. Breachers have also claimed to copy 2.7 million emails which have yet to be released.
Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:
- 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
- 86,594 Email addresses, of which 47,680 are unique.
- 27,537 Phone Numbers, of which 25,680 are unique.
- 44,188 Encrypted Passwords, of which roughly 50% could be easily cracked.
- 73.7% of decrypted passwords were weak
- 21.7% of decrypted passwords were medium strength
- 4.6% of decrypted passwords were strong
- Average decrypted password length: 7.1 Characters.
- 10% of decrypted passwords were less than 5 characters long.
- Only 4.8% of decrypted passwords were 10+ characters long.
- Presumably the remaining non-decrypted passwords were stronger than the decrypted subset.
- 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.
Credit card fraud has already been well-documented in this incident, said Identity Finder's CEO, Todd Feinman said. “This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target.” Aaron Titus, Identity Finder’s Privacy Officer added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."
The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.
Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free