recommended reading

Threatwatch

Verizon's Security Service Gets Whomped by Hackers

Data dump; Stolen credentials; Software vulnerability

Verizon Enterprise Solutions, a unit of the telecommunications giant that responds to corporate data breaches, is reeling from its own data breach involving the theft and resale of customer details.

The week of March 20, a Dark Web denizen put up for sale a database containing the contact information for some 1.5 million customers of Verizon Enterprise.

The seller is offering the database in multiple formats, including the MongoDB platform, so it seems likely that the attackers somehow forced the MongoDB system to dump its contents.

Interested ID thieves can own the whole database for $100,000 or buy chunks of 100,000 records for $10,000 a chunk.

“Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site,” KrebsOnSecurity reports.

The company says that it recently identified a security flaw in its site that permitted hackers to steal data, and that it is in the process of alerting affected customers.

“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers,” the company said in an email.

sector

Telecommunications

reported

March 23, 2016

reported by

KrebsOnSecurity

number affected

1.5 million customers

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Week of March 20, 2016