Verizon claims the company has been aware of the leak for a few months now

Dec 27, 2012 08:44 GMT  ·  By

A hacker that goes by the name of TibitXimer has published a file containing 300,000 records belonging to Verizon customers. The telecoms firm claims that the leak is old and that the hack didn’t affect them, but a third-party marketing company.

Whenever there’s a big data leak involved, there’s bound to be some controversy. This incident is no exception.

TibitXimer told ZDNet that he gained access to 3 million accounts back in July. He said that he decided to publish a fraction of the records after Verizon failed to fix the vulnerability that allowed him to gain access to the data.

Initially, he explained that the data belonged to Verizon Wireless customers, but later revealed that the names, addresses, mobile serial numbers and account passwords belonged to Verizon FiOS fiber users.

After the story broke out, Verizon representatives came forward to clarify the fact that they learned of the breach months ago and that an investigation was launched soon after.

“Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported,” Verizon noted.

“We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”

Furthermore, the company told TNW that a third-party marketing firm was actually responsible for the breach.

Currently, the leaked information has been removed from Pastebin and TibitXimer has removed (or possibly changed) his Twitter account.

Verizon’s side of the story is confirmed by C0mrade, a hacker who has recently stepped down from the hacking scene.

He told CWN that the information was put up for sale by him back in August on a Russian forum. He has confirmed that Verizon has been aware of the breach since then.