Verizon does a very good annual report on data breaches, so it is ironic they will have to discuss their own major data breach in the next edition. Security expert Michael Krebs reported that Verizon Enterprise, the B2B arm of the business, had been hacked by criminals who were offering to sell stolen data about Verizon customers.
Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.
The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.
Verizon admitted there had been a security weakness but said it has now been addressed. They also confirmed that ‘basic’ contact information for enterprise customers had been compromised. Krebs speculated that the information had been obtained by forcing a database to dump all of its contents.
There may not be a serious threat to customers if only basic contact data has been obtained. However, it is likely that some of them will be subjected to phishing attacks. Verizon Enterprise is a supplier to many big businesses, meaning that technology managers in those firms will need to be wary of suspicious communications that seemingly originate from Verizon. As such, this breach may cause lasting damage to Verizon’s image.