1.5 million customer data for sale online as Verizon’s anti-data breach unit hacked

Headline grabbing hacks such as Sony and Talk Talk previously had both personal and corporate data increasingly at risk as these companies failed to keep personal information secure.

Last week, hackers stole contact information of business customers of Verizon’s B2B unit, Verizon Enterprise Solutions.

Verizon’s B2B unit provides cybersecurity solutions and consulting to a majority of the Fortune 500 companies. It is popular for its annual Data Breach Investigations Report, also known as DBIR in the industry.

Verizon said that an attacker exploited a security vulnerability in its enterprise client portal to steal the contact information of 1.5 million enterprise customers.

Verizon’s B2B unit provides cybersecurity solutions and consulting to a majority of the Fortune 500 companies. It is popular for its annual Data Breach Investigations Report, also known as DBIR in the industry.

KrebsOnSecurity, which first broke this news, reported that since Verizon Enterprise reportedly works with 99 percent of Fortune 500 companies, so many of those enterprises could find themselves the victims of targeted attacks or phishing scams.

The post on KrebsOnSecurity finds Verizon admitting that it had identified a security flaw that had allowed hackers to gain access to customer contact information. The company said that that it is reaching out to affected customers to inform them of the breach.

In an emailed statement, Verizon added:

“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

The data was sold in multiple formats including MongoDB, the database platform. This offers clues confirming the possibility that the attackers may have forced the MongoDB system in order to dump its contents.

The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s website.
Source:http://cio.economictimes.indiatimes.com/news/digital-security/verizons-anti-data-breach-unit-hacked-1-5-million-customer-data-for-sale-online/51601070

. . . . . . . .

Print Friendly

Leave a Reply