Breacher Data Dump Affects 40,000 people; 7,277 Credit Card Numbers, 36,368 Passwords, and 40,854 Email addresses.
New York, NY – December 28, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by data breachers who are part of the hacking group Anonymous, after an apparently successful attack on the military and law enforcement gear distributor, Specialforces.com. According to their website, "Special Forces Gear offers a great selection of Military, Special Operations and Law Enforcement gear along with a unique T Shirt and gifts line catering to large and small units designed to help boost morale."
According to the breachers, "SpecialForces.com DID store their customers’ credit card information using blowfish encryption... Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier’s server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers’ cards. That’s how we roll." Identity Finder contacted Special Forces to make them aware of the most recent breach, as well as a similar breach earlier this month. Special Forces staff also reported a breach approximately six months ago.
In the most recent data loss, the breachers have released personal information for specialforces.com users. Based upon Identity Finder's analysis, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:
- 7,277 Unique Credit Card Numbers
- 68,830 Email addresses, of which 40,854 are unique.
- 36,368 Plain-text usernames and passwords, some of which might be duplicates. The breachers claim to have "approximately 14,000 passwords."
- 61.5% were weak
- 31.2% were medium strength
- 7.3% were strong
- Average password length: 7.9 Characters.
- 9% of passwords were less than 6 characters long.
- 8.2% of passwords were more than 10 characters long.
"Given the proximity to other recent high-profile breaches, specialforces.com customers face increased risk of identity and credit card fraud," said Identity Finder's CEO, Todd Feinman, "Identity Finder is committed to helping companies prevent breaches like this from happening in the future. This is the latest data leak by 'breachers' who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target."
Aaron Titus, Identity Finder’s Privacy Officer added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."
The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual.
Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free.