Verizon's Security Service Gets Whomped by Hackers
Data dump; Stolen credentials; Software vulnerability
Verizon Enterprise Solutions, a unit of the telecommunications giant that responds to corporate data breaches, is reeling from its own data breach involving the theft and resale of customer details.
The week of March 20, a Dark Web denizen put up for sale a database containing the contact information for some 1.5 million customers of Verizon Enterprise.
The seller is offering the database in multiple formats, including the MongoDB platform, so it seems likely that the attackers somehow forced the MongoDB system to dump its contents.
Interested ID thieves can own the whole database for $100,000 or buy chunks of 100,000 records for $10,000 a chunk.
“Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site,” KrebsOnSecurity reports.
The company says that it recently identified a security flaw in its site that permitted hackers to steal data, and that it is in the process of alerting affected customers.
“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers,” the company said in an email.
March 23, 2016
Link to report
1.5 million customers
location of breach
location of perpetrators
date breach occurred
date breach detected
Week of March 20, 2016