Hackers Sell Data for 1.5mn Verizon Customers

Verizon does a very good annual report on data breaches, so it is ironic they will have to discuss their own major data breach in the next edition. Security expert Michael Krebs reported that Verizon Enterprise, the B2B arm of the business, had been hacked by criminals who were offering to sell stolen data about Verizon customers.

Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.

Verizon admitted there had been a security weakness but said it has now been addressed. They also confirmed that ‘basic’ contact information for enterprise customers had been compromised. Krebs speculated that the information had been obtained by forcing a database to dump all of its contents.

There may not be a serious threat to customers if only basic contact data has been obtained. However, it is likely that some of them will be subjected to phishing attacks. Verizon Enterprise is a supplier to many big businesses, meaning that technology managers in those firms will need to be wary of suspicious communications that seemingly originate from Verizon. As such, this breach may cause lasting damage to Verizon’s image.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.