Hackers Sell Data for 1.5mn Verizon Customers

Verizon does a very good annual report on data breaches, so it is ironic they will have to discuss their own major data breach in the next edition. Security expert Michael Krebs reported that Verizon Enterprise, the B2B arm of the business, had been hacked by criminals who were offering to sell stolen data about Verizon customers.

Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.

Verizon admitted there had been a security weakness but said it has now been addressed. They also confirmed that ‘basic’ contact information for enterprise customers had been compromised. Krebs speculated that the information had been obtained by forcing a database to dump all of its contents.

There may not be a serious threat to customers if only basic contact data has been obtained. However, it is likely that some of them will be subjected to phishing attacks. Verizon Enterprise is a supplier to many big businesses, meaning that technology managers in those firms will need to be wary of suspicious communications that seemingly originate from Verizon. As such, this breach may cause lasting damage to Verizon’s image.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric's history as editor.