According to cyber security blogger Brian Krebs, the contact information of more than 1.5 million Verizon Enterprise customers was leaked on an underground cybercrime forum.
Not all of Verizon’s customers were affected; the hack targeted only Verizon’s B2B Enterprise Solutions. Krebs says that earlier this week, a deep-web forum advertised the sale of a database containing the contact information of 1.5 million customers of Verizon Enterprise. The database with the leaked customer data was priced at $100 000, but the hacker also offered to sell pieces of 100 000 records for $10 000 per piece.
The hackers offered the leaked customer data in multiple formats, one of them being MongoDB. It is possible that the attackers forced MongoDB to dump Verizon’s customer data. If you use MongoDB as a database platform, please make sure that you’re using the latest stable version.
The most important thing that Krebs mentioned is that buyers were also offered the option to purchase information about security vulnerabilities in Verizon’s Web site.
I’m curious what vulnerability the hackers used to obtain Verizon’s customer data. If I were in the hacker’s place, I would have informed Verizon about its vulnerability/vulnerabilities. That way, the hackers could have earned more money. But of course, this option is not available anymore, now that the data has been leaked. This is just a personal observation.
Verizon moved fast and released a statement saying:
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal”
“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Verizon is used by almost all Fortune 500 companies. The company is widely known for its cybersecurity services, and releases an annual report on avoiding cyberthreats.
According to CNBC:
Verizon told CNBC that impacted Verizon Enterprise customers are being notified, and no data about consumer customers was involved.
If you want to read more about this hack, please go to the Krebs on Security blog.
If you have any information regarding this cyber attack, please add a comment to the article.