Over 9,000 active credit cards, 27,000 phone numbers and 20,000 “easily cracked” passwords — that’s what hacktivist group Anonymous has released to date, after reportedly hacking international intelligence and threat analysis firm Stratfor, says a security firm.
The company that analyzed the data and came up with those figures is called Identity Finder — a New York City business that bills itself as “a leader in data loss prevention and identity theft prevention.”
“The hackers/breachers have released personal information for Stratfor subscribers whose first names begin with A through M; presumably N through Z will be released in the coming days,” wrote Identity Finder in a statement. “Breachers have also claimed to copy 2.7 million emails which have yet to be released.”
Of the data released in the A through M range, Identity Finder found 50,277 unique credit card numbers (9,651 not expired), 96,594 email addresses (47,680 unique), 27,537 phone numbers (25,680 unique) and 44,188 encrypted passwords (of which it says “roughly 50% could be easily cracked”). Of the decrypted passwords, Identity Finder reports that 73.7% were “weak,” 21.7% were “medium strength” and 4.6% were “strong” (as expected, part of the takeaway here is that consumer password construction — even by customers of a threat analysis company — remains abysmal). What’s more, the average decrypted password length was a trifling 7.1 characters long.
Identity Theft reports that 13,973 of the addresses “belonged to United States victims,” while the remaining addresses “belong to individuals from around the world.”
In the meantime, fallout from the breach continues as future data dumps loom: Earlier today, Stratfor warned its members that speaking out in support of the company could result in targeted personal attacks by hackers, but others have said the move may be a public relations stunt by Stratfor to deflect attention from the breach’s severity.