Verizon Enterprise Solutions has suffered the theft of 1.5 million customer contact details, including for some of the top Fortune 500 companies. The customer info was found up for sale on an underground cybercrime forum, with a price tag of $100,000.
Independent security researcher Brian Krebs ran across the information on the Dark Web. He said that while interested parties could buy the whole package, the seller also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Also for sale: information about security vulnerabilities in Verizon’s website.
VES has copped to the breach, telling Krebs that the company recently identified a security flaw in its site that permitted hackers to steal customer contact information, and that it is in the process of alerting affected customers.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in the emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Krebs pointed out that VES is ironically often called in to help Fortune 500s respond to the world’s largest data breaches—something not lost on other researchers.
“As Verizon Enterprise is typically the one notifying the public how breaches take place, and the top security experts frequently recommend Verizon’s annual Data Breach Investigations Report, it’s extremely ironic, and unfortunately another sign of our times—as breaches have become the third certainty in life—that Verizon had a security vulnerability on their enterprise client portal,” said Adam Levin, chairman and founder of IDT911, via email.
Customers who have been exposed are now prime targets for targeted phishing attacks, and must be careful not to click on suspicious links or authenticate themselves to anyone who contacts them.
“With 99% of the Fortune 500 using Verizon Enterprise Solutions, the compromise of 1.5 million customers’ contact details could have a huge payday for hackers,” said Vishal Gupta, CEO of security company Seclore, via email. “Stealing contact information doesn’t have the immediate payoff of a credit card number, but in the long term can be extremely lucrative if leveraged correctly.”
Photo © Gil C/Shutterstock.com