A data dump containing information stolen several months ago from SpecialForces.com included user passwords and credit card numbers.
The attackers stole usernames, passwords and credit card information after breaching the military and law enforcement equipment retailer in an attack that occurred several months ago, according to a post on a Twitter account associated with a person who claim to be a member of the hacktivist collective Anonymous on Dec. 27. The credit card information appear to have been encrypted originally, but the attackers claimed to have been able to decrypt the data after breaching the retailer's servers and stealing the encryption keys, according to a post on text-sharing site Pastebin.
Identity Finder researchers analyzed the information that had been posted publicly and discovered over 7,000 unique credit card numbers had been exposed. Over 68,000 email addresses had been dumped, but only a little less than 41,000 were unique. The data dump also included approximately 36,000 usernames and passwords, of which more than half, or 61 percent, were considered "weak," according to Identity Finder analysis.
"Given the proximity to other recent high-profile breaches, specialforces.com customers face increased risk of identity and credit card fraud," said Identity Finder's CEO, Todd Feinman.
The SpecialForces.com data dump appear to be part of a larger campaign called LulzXmas, which included an attack on Stratfor, a publisher of global intelligence and analysis, over Christmas.