Analysis: Anonymous stole over 9K active credit card numbers in Stratfor hack

A clearer picture of the damage from the Stratfor hacking incident on Christmas Eve is coming into focus, with an independent analysis confirming more than 9,000 active credit card numbers were stolen from the security think tank.

In a high-profile incident that blew up the news on Christmas, the notorious hacker group Anonymous claimed to have stolen credit card data and other client details from Austin-based security think tank Stratfor, with the intent of donating $1 million in stolen cash to charity. When the story broke, it was still unclear what exactly had been stolen, but now an independent analysis has broken down the numbers.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":370259,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"D"}']

New York-based data loss and identity theft prevention service Identity Finder issued a report today that stacks up how much data was stolen from the A through M names from Stratfor’s customer list. Anonymous is expected to release data from the N through Z names in the coming days.

Identity Finder says 9,651 active credit cards, 47,680 unique e-mail addresses, 25,680 unique phone numbers and 44,188 encrypted passwords. Of the passwords, the firm said 50 percent could be easily be cracked.

Todd Feinman, Identity Finder’s CEO, said credit card fraud has already been “well documented.” Back on the Dec. 25, Anonymous posted five receipts of donations it had made to charities using stolen cards.

“This is the latest data leak by ‘breachers’ who not only hack into corporations but also breach their data privacy by posting the information online,” Feinman said on the company’s blog. “Unfortunately this problem will only get worse unless corporations minimize their data footprint and shrink their data target.”

Stratfor is a research group and think tank that posts a daily newsletter on security issues and counts the Defense Department, Lockheed Martin and Bank of America as clients. The so-called “intelligence” firm looks especially bad in this incident because the sensitive data, including credit cards and phone numbers, was not encrypted. Stratfor’s hacked website remains down as of Tuesday afternoon.