Report details extent of Anonymous hack on Stratfor

Analysts find that the AntiSec hack reported Christmas Day against the security think tank affected some 50,000 people, and more files are expected to be released in the coming days.

Michelle Meyers
Michelle Meyers
Michelle Meyers wrote and edited CNET News stories from 2005 to 2020 and is now a contributor to CNET.
2 min read

Now that the Yuletide fog has cleared, details are emerging about the extent of an Anonymous hack on security think tank Strategic Forecasting that was first reported Christmas Day and appears to have affected some 50,000 individuals.

Austin, Texas-based Strategic Forecasting, or Stratfor, disclosed over the weekend that its Web site, which remains down, was hacked and information about its corporate subscribers--who include the likes of the U.S. Army, U.S. Air Force, and Miami Police Department--was disclosed. AntiSec, an Anonymous-affiliated hacktivist group, quickly claimed responsibility and promised "mayhem" with plans to release even more documents.

Screenshot by CNET

Identity Finder, a New York-based data loss and identity theft prevention service, today published a report stating that AntiSec has so far released personal information obtained in the hack for Stratfor subscribers with first names beginning with A through M. The rest of the alphabet, along with what AntiSec claims are copies of 2.7 million e-mails, are expected to be released in upcoming days.

Documents from the hack posted to date by both Anonymous and AntiSec, according to Identity Finder, include:

• 50,277 unique credit card numbers, of which 9,651 are not expired.
• 86,594 e-mail addresses, of which 47,680 are unique.
• 27,537 phone numbers, of which 25,680 are unique.
• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked.

Some reports said Anonymous' stated goal was to steal money from individual accounts to give as Christmas donations to organizations like the American Red Cross and Save the Children. VentureBeat said that on Christmas Day, Anonymous had posted five receipts of donations it had made to charities using stolen cards.

CNET was unable to track down Stratfor officials for comment Tuesday night, but a Facebook post by Chief Executive George Friedman confirms the breach, noting that the company will offer identity theft protection and monitoring services to affected subscribers. He adds that some of the people whose names were published by AntiSec had simply subscribed to the firm's publications and did not have a deeper relationship with the company.

Identity Finder CEO Todd Feinman said credit card fraud related to the incident has already been "well documented." "This is the latest data leak by 'breachers' who not only hack into corporations but also breach their data privacy by posting the information online," Feinman said in a statement. "Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target."

Indeed, this is just the latest attack by Anonymous and its offshoots, who have gained notoriety for their denial-of-service attacks and data breaches on a host of targets. From Sony and the CIA to bankers, police officers, and Fox News, the attacks were, for months, almost a daily occurrence. And with the emergence of the Occupy Wall Street protests, Anonymous actions have become more organized and focused on a cause--political protest of financial inequality and corporate influence.

Stratfor was likely targeted not only because of its client list of major companies and government entities but also to highlight its apparent security glitches.