UPDATE: Data Breach Now Affects More than ¾ Million people: 859,311 Email Addresses, 68,063 Credit Card Numbers, 50,618 Addresses, and 50,569 Phone Numbers
New York, NY – December 30, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted on December 29 by the hacking group, Anonymous as a part of the AntiSec movement and "LulzXmas" operation. Late Thursday night the group distributed more than 200 MB of Stratfor user data on multiple public mirror websites. This latest dump claims to contain "75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor... [and] ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site."
Identity Finder conducted an analysis on the most recently released files, which includes information previously released by Anonymous. Based upon Identity Finder's analysis, the files contain the following personally identifiable information:
- 68,063 Unique Credit Card Numbers, of which approximately 36,000 have unexpired expiration dates. Note: Credit cards with expired expiration dates might still be valid, if they have since been renewed.
- 859,311 Unique Email addresses.
- 50,569 Phone Numbers.
- 860,160 Hashed Passwords, of which roughly 11.8% could be easily cracked.
- Average password length: 7.2 Characters.
- 50,618 of the addresses belonged to United States victims; the remainder belonged to individuals from other parts of the world.
Identity Finder estimates that of the 860,000 people affected, about 7.9% have had a credit card exposed, while 11.8% could theoretically have a compromised password.
"Identity Finder cautions anyone affected by this breach to be on the lookout for 'phishing,' emails," said Identity Finder's CEO, Todd Feinman. "Phishing is where an identity thief or fraudster sends an email that appears to be from Stratfor, but actually tricks them into visiting a malicious website that looks identical to Stratfor's site. We recommend that you do not click on any email links purporting to regard this breach. "
Aaron Titus, Identity Finder’s Privacy Officer added, "Never give sensitive personal information online, unless you initiate the contact, and unless it is to a trusted party, over a secure (https) connection. Double-check the URL to make sure you recognize the domain before sharing login or personal information. If you use the same username/ password combination at other sites (such as Gmail, Facebook, or an online banking site), we recommend you change those passwords immediately."
The breachers claim to be preparing to release 2.7 million internal Stratfor emails to the Internet soon, and threatened to attack "multiple law enforcement targets from coast to coast" on New Year's Eve.
Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free