Among the data they have managed to steal from its servers were names, home addresses, credit card details and passwords of Stratfor clients, 17,000 of which they have immediately shared with the public in order to prove the veracity of their claims. All in all, the hackers said that they have managed to put their hands on around 860,000 usernames, emails, and hashed passwords; internal emails and documents exchanged and worked on by the organization's employees; and around 75,000 credit card details complete with security codes required for no card present transactions.
The Guardian has hired cyber-security expert John Bumgarner to rifle through the information already leaked by the hacker group, and he has ascertained that thousand of emails and passwords belonging to UK, US and NATO officials were thusly made public.
19,000 email addresses and passwords and other personal data belonging to US military personnel were revealed, as well as those of seven officials of the UK's Cabinet Office, 45 of the Foreign Office, 14 of the Home Office, 67 police officers of the London Metropolitan Police and other officials, two employees with the royal household, 23 workers/members of the Houses of Parliament, and a number of intelligence officers. 242 Nato staffers have also had their emails revealed.
British officials and the government are still not worried about the revealed information posing any threat to national security. To be sure, the revealed (easily decryptable) passwords are those used by Stratford customers to access the content offered by the think-tank and not their email accounts, but given the fact that many users - even those who should definitely know better - recycle passwords, I wouldn't be as complacent as they seem to be.
In the meantime, another threat targeting those very individuals is imminent: they are currently being targeted with spear-phishing emails purportedly being sent by Stratfor CEO George Friedman, asking them to fill out an attached document with personal information.
"I want to assure everyone that this is not my email address and that any communication from this address is not from me," Friedman stated on the company Facebook page, and warned users that the company would never ask customers to provide personal information through the type of attachment that was part of the aforementioned email.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.