Hackers Put Up 1.5 Million Verizon Customers’ Stolen Data For Sale

Hackers have supposedly stolen customer contact information from Verizon’s Enterprise unit. This unit which helps Fortune 500 companies respond to data breaches has suffered a security breach itself, reports Brian Krebs, an independent cybersecurity journalist.

Verizon Enterprise Solutions is the B2B unit in Verizon’s huge portfolio that offers a variety of services for other companies or governments around the world, that range from cloud hosting to cloud computing, from private IP services to communications, and even online security.

The breach came to light Thursday in a post on the blog Krebs on Security. Krebs reported the hacker stole contact information for about 1.5 million Verizon Enterprise customers and offered it for sale for US$100,000 on a cybercrime forum. The thieves were also offering smaller chunks of the data of 100,000 records for $10,000 each, and information on potential security vulnerabilities on Verizon’s websites. As the data was offered for sale in the MongoDB format, among others it’s likely the attacker forced a MongoDB database at Verizon to dump its contents, the blog said.

Verizon has already identified the security vulnerability found in the client portal and notified its customers, the company told Krebs. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers,” Verizon was quoted as saying. “No customer proprietary network information (CPNI) or other data was accessed or accessible.”

According to Krebs, the contact information stolen from Verizon could be used in phishing scams and other attacks. “Even if it is limited to the contact data for technical managers at companies that use Verizon Enterprise Solutions, this is bound to be target-rich list,” he wrote.

Verizon did not immediately respond to questions about what the security issue was, how it was discovered and how many customers are affected.