Anonymous has reportedly hacked the database of a military supply Web site, and accessed the credit card information of more than 8,000 of the site's customers.
Anonymous said it hacked SpecialForces.com several months ago, but made the data public this week after "a former comrade leaked the password list early," according to a note posted to Pastebin. In all, the hackers said they have 14,000 passwords and 8,000 credit cards.
The group targeted this particular Web site because "their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and 'professional' looking website."
The hack was done in support of the Occupy Wall Street protestors as well as Bradley Manning, who is accused of leaking confidential military information to Wikileaks.
"We'll continue to have ourselves a merry LulzXmas at the expense of capitalist pigs, corrupt public officials and all those third parties who cater to the continued oligarchic elite worldwide," Anonymous said. "We are your secretaries, your janitors, your babysitters, your IT guys, your bus drivers, your maids, your hard-working, driven and determined fellow humans."
SpecialForces.com remains online. In a statement, site spokesman Dave Thomas confirmed the hack, which he said occured in August.
"We have no evidence of any further security breaches, and we believe that the recent Stratfor incident is being used to bring this old news back into the spotlight," Thomas said in an email. "The compromised customer passwords were from a backup of a previous version of the website that is over a year old. Most of the credit card numbers are expired, and we don't have evidence of any credit card misuse at this time. The current website does not store customer passwords or credit card information."
Thomas said affected customers have been contacted and that in the wake of the breach, "we completely rebuilt our website and hired third-party consultants to help us shore up website security."
Thomas said the majority of its sales are custom t-shirts and related gifts, a portion of which is donated to charity.
According to the Pastebin note, the SpecialForces.com hack was carried out by the same individuals who hacked security firm Stratfor on Christmas Eve.
"We also laughed heartily whilst these so-called protectors of private property scrambled desperately to recover the sensitive information of all the customers who they wronged by failing to use proper security precautions," Anonymous said. "Stratfor lazily stored credit card information and corresponding data unencrypted. Is the irony palpable yet?"
Anonymous said SpecialForces.com at least encrypted their users' credit card information, but "we ... wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers' cards," Anonymous said.
In a Wednesday blog post, security firm Identity Finder said Anonymous is in possession of 7,277 unique credit card numbers from SpecialForces.com, 68,830 email addresses, and 36,368 usernames and passwords (though some might be duplicates). Of those, 61.5 percent of the passwords were weak.
For more, see PCMag's Guide to Creating Strong Passwords.
Editor's Note: This story was updated at 11am Eastern with comment from SpecialForces.com.