20. March 2012 14:14
Identity Finder Releases Analysis of Thousands of Emails, Database Breach by Anonymous Hackers
On March 8, 2012 hackers from the Anonymous hacker collective and the AntiSec movement hacked into the website for New York Ironworks, a supplier of police tactical equipment. Hackers stole thousands of emails and the entire website database and posted the information in multiple locations online, in retaliation for recent high-profile FBI arrests of LulzSec and AntiSec hackers.
Identity Finder today released the following statistical analysis of the 150 MB breach, using the Identity Finder DLP Data Discovery software:
- 150 MB of Data total, including a 101 MB Database for newyorkironworks.com
- 3,581 Internal Customer Service, Sales, and Administrative Email Messages
- Approximately 3,000 Domestic and International Shipping Addresses
- 4,317 Unique Email addresses
- 440 Usernames and Passwords
- 2,368 Unique Phone Numbers
- Details of More than 4,000 Orders
- 1 Credit Card Number (Sent by a Florida man via email, not at the request of NY Ironworks)
Identity Finder’s analysis determined that many of the shipping addresses belong to residences or apartments. Because New York Ironworks sells primarily police tactical equipment, it is possible that many of the addresses could be the home addresses of police and other law enforcement agents. Publishing the home addresses for law enforcement officers, especially undercover agents, can pose a serious risk to the safety of the officers and their families. A sampling of the shipping addresses (Zip Code only) is below:
Todd Feinman, CEO of Identity Finder said, “Companies must be proactive and protect their customers’ sensitive data. The only way to ensure that even the most successful hackers do not post your confidential files, is to clean unprotected copies of them off your storage devices in the first place” Software solutions such as Identity Finder DLP can automate the task by discovering personally identifiable information in files, emails, and servers, then providing data owners the ability to enforce protection.
“Customers of New York Ironworks should beware of phishing attacks which may come as unsolicited emails purporting to come from New York Ironworks, asking users to share personal information, including usernames and passwords,” warned Identity Finder’s Chief Privacy Officer, Aaron Titus. “Identity Finder recommends that individuals not click on links in unsolicited email. Also, never send your credit card information to anyone via email, even a reputable company.” In December 2010, one Miami Florida man emailed his credit card number to New York Ironworks’ customer service department, probably against the advice of the company. The email with his name, address and credit card number remained in the Customer Service inbox until it was hacked and exposed online.
“Password re-use is another potential risk associated with this breach,” warned Feinman. “Many people use the same email and password combination on multiple websites. If you were a New York Ironworks customer, we recommend you take some time to change your passwords on other sites.”
The hack was announced through an Anonymous tweet. As of March 20, 2012, the website www.newyorkironworks.com remained offline. A New York Ironworks employee confirmed that they were aware of the hack, and were responding to it.
Identity Finder’s technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free