US distributed denial-of-service (DDoS) mitigation firm Staminus has suffered a comprehensive attack that saw its systems taken offline and sensitive customer data posted on the internet.
Staminus, which counts white supremacist group the Ku Klux Klan as a customer, this weekend had its company information posted on a paste website, with attackers disseminating a 15GB database on the anonymising Tor network.
Information on the hack was posted on Reddit's /r/sysadmin forum, where participants noted that attackers had discovered several glaring security holes on Staminus' network that allowed them to take full control of the infrastructure.
The leaked information included full credit card data stored in clear text without any form of encryption.
Staminus has confirmed the attack and that its systems were "temporarily taken offline" due to the intrusion.
According to chief executive Matt Mahvi, customer information was exposed, including user names, hashed passwords, names and contact information.
As credit and debit card data was also leaked, Mahvi advised Staminus customers to check their bank statements regularly for fraudulent and suspicious activity.
Exposed passwords "were protected with a cryptographic hash", Mahvi said, but he nevertheless recommended that customers change their passwords.
The company said it restored services over the weekend, but parts of Staminus' website remained inaccessible.
This included kkk.com, the website for the Ku Klux Klan.