All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Staminus hacked?
Hello,
Does anyone else received this email?
We are writing this email to inform you of a data security incident that involved some of your personal information. On March 10, 2016, Staminus Communications was the victim of an unauthorized intrusion into its network. As a result of this intrusion, systems were temporarily taken offline and customer information was exposed. The protection of the personal information of its customers is very important to Staminus. Upon discovering this incident, Staminus took immediate action, including launching an investigation, notifying law enforcement, restoring its systems, and putting additional security measures into place to help prevent a future incident.
Based on our initial investigation, we know that names and credit card numbers, as well as usernames, passwords, and contact information, were exposed. Staminus’ investigation into the incident is ongoing.
In addition to the steps noted above (e.g., restoring our systems and notifying law enforcement), we have relaunched our billing platform. We have also implemented multi-factor authentication requirements. We are also continuing to work with law enforcement in its investigation of the incident.
In addition, we have taken steps to notify credit card companies of the credit card numbers that may have been accessed during this incident. Your credit card company may contact you to verify charges if it detects any unusual pattern of activity, or to replace your credit card. While we have taken steps to notify your credit card company proactively, we recommend that you also immediately notify your credit card issuing bank and follow its advice with regard to your credit card.
Beyond the steps we are taking, we encourage you to:
Contact Your Credit Card Issuer. As noted, we have taken steps to notify credit card companies of the credit card numbers impacted. Even so, you should remain vigilant by carefully reviewing your credit card account statements and immediately alerting your credit card issuing bank of any suspicious charges. This is the most important step that you can take to detect and prevent any unauthorized use of your credit card number.
Change Your Passwords. While the Staminus passwords compromised were encrypted, it is possible that the decryption key was compromised as well. Thus, you should immediately change your Staminus password. Additionally, we highly recommend customers who utilize similar credentials across different platforms reset any passwords on accounts that may use the same or a similar password to their Staminus login.
Be Aware of Phishing Schemes. You should also always be on the lookout for phishing schemes. Any email correspondence we may send regarding this matter will not contain a link, so if you receive an email appearing to be from us that contains a link, it is not from us, and you should not click on the link. Also, never provide sensitive information to unsolicited requests claiming to come from us, your bank or other organizations. We would never ask you for sensitive information via email.
Regularly Review Your Financial Statements. We recommend you remain vigilant by regularly reviewing your credit card and bank account statements.
We sincerely regret that this happened and will continue to put the right measures in place to maintain the security of your information. Should you have any questions or other concerns about this matter, please don’t hesitate to contact us at:
Email: [email protected]
Phone: 844-808-4836
Address: 4695 MacArthur Court, 11th Floor, Newport Beach, CA 92660
Sincerely,
Matt Mahvi
CEO
Staminus Communications
Screens:
Comments
This was talked about heavily here: https://www.lowendtalk.com/discussion/78032/staminus-offline/
Took them long enough to notify clients.
Wow that was a long time ago this happen.
Well i got this email right now...
remember not to use same password everywere, you never know what gets hacked next and where the details go
Six weeks!
It's a bit late for that, isn't it?
Actually we have used them in 2009/2010 but we got an information about this right now:
Important Notice Trash x Staminus Communications [email protected] via msgbsvc.com 10:00 PM (25 minutes ago) to meIf you post the full headers (I think it's view original or something like that on gmail) we can see the whole story of when it left their mailer en route to you.
Delivered-To: [email protected] Received: by 10.194.38.69 with SMTP id e5csp2819992wjk; Wed, 20 Apr 2016 14:01:34 -0700 (PDT) X-Received: by 10.98.43.7 with SMTP id r7mr15308062pfr.24.1461186094009; Wed, 20 Apr 2016 14:01:34 -0700 (PDT) Return-Path: <[email protected]> Received: from mail9b.msgbsvc.com (mail9b.msgbsvc.com. [66.151.129.215]) by mx.google.com with ESMTP id nd7si18383145pab.30.2016.04.20.14.01.33 for <[email protected]>; Wed, 20 Apr 2016 14:01:33 -0700 (PDT) Received-SPF: pass (google.com: domain of [email protected] designates 66.151.129.215 as permitted sender) client-ip=66.151.129.215; Authentication-Results: mx.google.com; dkim=fail [email protected]; spf=pass (google.com: domain of [email protected] designates 66.151.129.215 as permitted sender) [email protected] DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=msgbsvc.com; h=From:To:Date:Subject:Message-Id:Reply-To:Sender:MIME-Version:Content-Type; [email protected]; bh=q7syhXL7Ef0yB3WpSiyixCJx9Wo=; b=R++XDoWV8W1zhVXWxmfOXN4+LGHzgAviGKP+Ul3L6VNoHUwJ8SC7VmTZzO7LIhOHe7pM+/KIjOp8 6ndD83dtKQ34kw6vfa2vkIrEJSm+V86y+2gSmw+A5bw00RpB4hl+mCdFgBIn68B3rItiSBphd2RP iVrxjTodK40NC9pL/7E= Received: by mail9b.msgbsvc.com id h2vn2q19emk7 for <[email protected]>; Wed, 20 Apr 2016 17:01:03 -0400 (envelope-from <[email protected]>) From: Staminus Communications <[email protected]> To: "[email protected]" <[email protected]> Date: Wed, 20 Apr 2016 17:00:23 -0400 Subject: Important Notice Message-Id: <T5JIVT8QZXT4.ACC09NBRI4FM@SCPD-EML1B> Reply-To: Staminus Communications <[email protected]> Sender: [email protected] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=-/oXGjsnNQXoHSR9Hnm91yw=="https://oag.ca.gov/ecrime/databreach/reports/sb24-60912
3/10 occurred, reported 4/11.
CC, Username and PW
Username and PW Only
I have updated the ticket with screens, anyway if i did something wrong that i have posted this apologise. You can delete the thread if i breaked any forum's rule.
Took so long for them to notify
No, I meant that the ideal time for Staminus to put in place measures to maintain security of customer information is before they got hacked.
I mean really, the attacker alleged they were storing plaintext credit card numbers and using "St4m|nu5" as a root password.
Too bad "immediate action" didn't involve notifying the people whose information was compromised.