Dive Brief:
- An Internet hosting provider that focuses on protecting customers from distributed denial of service (DDoS) attacks became the victim of a cyberattack itself late last week.
- The hackers stole sensitive customer data from California-based Staminus Communications’ network database and dumped it online.
- The company's network went offline around 8 a.m. Eastern Time on Thursday and was out for more than 20 hours.
Dive Insight:
Hackers apparently infiltrated the company's server backbone and reset devices, like its Internet routers, to factory settings. The attackers also stole the company’s databases and released the stolen information online using Hastebin, an anonymous text-sharing portal, according to Softpedia. Links to Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data appeared online during the outage.
Staminus acknowledged the problem on its social media pages while its website was down.
In a post taking credit for the attack, hackers accused Staminus of poor security practices, including "using one root password for all the boxes" and storing customer credit card data in plain text. Storing credit card data unencrypted is a violation of Payment Card Industry security standards, according to KrebsOnSecurity.
Staminus also provides a service called Intreppid, which delivers dedicated virtual private servers with built-in DDoS protection features.
Staminus isn’t the first company focused on protecting citizens’ data to become a victim of a hack itself. LifeLock, one of the leading companies in the identity-theft protection business, has been in trouble with the Federal Trade Commission (FTC), which claims the company failed to adequately guard the personal data it collected for a period of time. And Experian, one of the primary companies dedicated to protecting consumers, said it suffered a breach that may have exposed the data of about 15 million U.S. consumers last October.