Anonymous leaks passwords in holiday cyberattack
The international cybercriminal ring known as Anonymous has once again caught the attention of the online security community, this time with a Christmas weekend attack that may have gathered and leaked thousands of confidential passwords.
The unfortunate target of the hackers' latest plot was Stratfor, an information security think tank known to gather intelligence and offer analysis to several high-profile public and private sector organizations. According to InformationWeek, the Departments of Defense, Justice and Treasury are just a few of the notable agencies with current or previous ties to Stratfor.
The company was quick to respond to the incident in a statement to customers posted on its Facebook page.
"As you may have heard, an unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our members," Stratfor vice president Fred Burton explained. "As part of our ongoing investigation, we have also decided to delay the launching of our website until a thorough review and adjustment by outside experts can be completed."
In the interim, researchers from Identity Finder have released their own evaluation after sifting through the data posted by Anonymous in online forums. According to analysts, more than 50,000 unique credit card numbers were exposed in addition to nearly 14,000 home addresses of customers residing in the United States alone.
What's more, more than 44,000 passwords were obtained and distributed by hackers. While encryption was employed, analysts suggested that approximately three out of every four could be "easily cracked."
"The number of posted passwords and the threat of password reuse is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud," explained Identity Finder privacy officer Aaron Titus. "The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as email."
Citing research compiled across several similar data breaches, Titus suggested that more than half of all passwords are used for multiple accounts.
The rationale behind this strategy is understandable, but continued inaction in the wake of serious data breaches is not. The benefits of perceived convenience pale in comparison to the gravity of online identity fraud, and for users unable or unwilling to generate and store unique passwords for all accounts, tools like password manager software are available to provide a comprehensive solution.