Global intelligence company STRATFOR (Strategic Forecasting, Inc.) had its site defaced, and a list of its corporate members was leaked to Pastebin. While the defacement claimed to have "rm'ed" the server, STRATFOR e-mailed its members stating that it is suspending operations while the compromise is investigated. A mirror of the defacement is available at zone-h. A chronology and additional details of the breach have been published on zerohedge.com.
Dear Stratfor Member, We have learned that Stratfor's web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor's servers and email have been suspended. We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained. Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters. Sincerely, George Friedman
In their latest statement, Stratfor says "To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures." This sudden concern with security measures and protecting member personal information is rather interesting, considering that their own Terms of Service (available via Google cache only at the moment) require members wishing to cancel their subscription to send an e-mail including their username and password, something any half-competent security professional would know to be a terrible idea: the password travels in plaintext e-mail, is stored in the member's outbox and the company's support mailbox, and is exposed to anyone who later reads either one.
5.2 To cancel your Individual License, you may call our Customer Services Department at 1-877-978-7284 from within the United States and Canada or at +1-512-744-4300, option 2 from outside the United States and Canada, or send an e-mail request with the subject line "Subscription Cancellation Request" to firstname.lastname@example.org. Please be sure to provide your name, address, phone number, e-mail address, user name and password for authentication, and the reason you want to cancel. Cancellations are processed upon receipt of the cancellation request. Upon cancellation, all fees and charges are nonrefundable. However, if a user requests cancellation of an Individual License with at least an annual term within thirty (30) days following its automatic renewal date (see Section 5.1), such request will be honored.
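The usual alternative to asking a member to mail in a password is to prove control of the registered e-mail address instead: the server mails a time-limited, HMAC-signed, single-use token to the address on file and the member returns it. The following is an added illustration of that pattern, not Stratfor's code or anything from this post; the key, usernames and the 24-hour lifetime are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: in a real deployment the key comes from a secrets store,
# never from source code, and the consumed-nonce set lives in persistent storage.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 3600
_CONSUMED_NONCES = set()


def make_cancellation_token(username, now=None):
    """Build a token to e-mail to the account's registered address.

    The token binds the username, an issue time and a random nonce under an
    HMAC keyed with the server secret; no account password ever leaves the server.
    """
    if "|" in username:
        raise ValueError("field separator not allowed in username")
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    payload = f"{username}|{issued}|{nonce}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cancellation_token(token, username, now=None):
    """Return True only if the token is ours, for this user, and unexpired."""
    try:
        tok_user, issued_s, nonce, tag = token.split("|")
        issued = int(issued_s)
    except ValueError:  # wrong field count or non-integer timestamp
        return False
    if tok_user != username:
        return False
    current = now if now is not None else time.time()
    if current < issued or current - issued > TOKEN_TTL_SECONDS:
        return False
    payload = f"{tok_user}|{issued}|{nonce}"
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def redeem_cancellation_token(token, username, now=None):
    """Verify the token and mark its nonce consumed so a leaked copy cannot be replayed."""
    if not verify_cancellation_token(token, username, now):
        return False
    nonce = token.split("|")[2]
    if nonce in _CONSUMED_NONCES:
        return False
    _CONSUMED_NONCES.add(nonce)
    return True
```

A request that arrives without a valid token is simply answered by sending a fresh one to the address on file, so the support mailbox never needs to hold anything a member would mind being read.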
Cryptome is keeping an updated timeline of the information that has been posted to Pastebin so far. This includes links to pastebins announcing a planned release of a large number of internal Stratfor e-mails. Reports vary on the actual number of e-mails that will be included in the release: more than 2.5 million, 2.7 million, 3.3 million, or 5 million. The 2.7 million figure appears in the pastebin dump that contains one sample e-mail, which may make it the most accurate of the four.