Anonymous No More – Scope Of Data Breach Revealed By Identity Finder
The information posted by the hacking group Anonymous (as part of the AntiSec movement) after an apparently successful attack on the intelligence company Stratfor (www.stratfor.com) is strikingly voluminous. According to a report by Identity Finder, LLC, the files posted to date by Anonymous and AntiSec contain the following personally identifiable information:
· 50,277 unique credit card numbers, of which 9,651 are not expired;
· 86,594 email addresses, of which 47,680 are unique;
· 27,537 phone numbers, of which 25,680 are unique;
· 44,188 encrypted passwords, of which roughly 50% could be easily cracked.
    o 73.7% of decrypted passwords were weak
    o 21.7% of decrypted passwords were medium strength
    o 4.6% of decrypted passwords were strong
    o Average decrypted password length: 7.1 characters.
    o 10% of decrypted passwords were less than 5 characters long.
    o Only 4.8% of decrypted passwords were 10+ characters long.
    o Presumably the remaining non-decrypted passwords were stronger than the decrypted subset.
· 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.
Credit card fraud has already been well-documented in this incident, said Identity Finder's CEO, Todd Feinman. “This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online. Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target.”
Aaron Titus, Identity Finder’s Privacy Officer, added, "The number of posted passwords and the threat of password re-use is significant. Passwords are a digital identity and password reuse is a serious problem that could lead toward identity fraud. The victims will have no way to know when an identity thief is reusing their email and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."






Comments
Cyber Risk
Too many businesses believe their General Liability insurance policy will cover them for Cyber Risks. General Liability, Property, and Professional Liability policies do not address many critical information security exposures, statutory notification and credit monitoring costs, regulatory fines and penalties and class action lawsuits associated with privacy breaches. In fact, many forms now affirmatively exclude “cyber risk.” Protect your interests and click here for more information and a quick quote: http://www.marshallsterling.com/leeds/547-leeds-cyber-security-a-privacy