14 DAY TRIAL // Verizon's business branch, known as Verizon Enterprise Solutions, has suffered a data breach that allowed an attacker to get away with at least 1.5 million customer records, security journalist Brian Krebs reports.
Verizon Enterprise Solutions is the B2B unit in Verizon's huge portfolio, offering a variety of services for other companies or governments around the world, that range from cloud hosting to cloud computing, from private IP services to communications, and even online security.
Its security division is well known in the infosec community, where its annual Data Breach Digest provides a wide variety of case studies of actual data breach incidents the company's experts have helped solve.
It is such big irony that the company that is usually called upon to investigate data breaches has now suffered a data breach itself.
Stolen data is available for purchase on the Dark Web
According to Mr. Krebs, a yet-unnamed hacker has posted an ad on underground hacking forums claiming to be in the possession of 1.5 million customer details, acquired from a Verizon Enterprise Solutions database.
The hacker is willing to sell the whole batch for $100,000, or split it up in smaller pieces of 100,000 records for $10,000. The data only seems to contain basic contact info, but malicious actors that engage in targeted attacks would just love to get their hands on contact information for representatives from Fortune 500 companies. Verizon claims that its B2B unit serves 99% of all enterprises listed in Fortune 500.
In a statement emailed to Mr. Krebs, a Verizon spokesperson has acknowledged the incident, saying that no customer proprietary network information (CNPI) was stolen, and that the company has started informing all affected clients.
It appears that the attacker exploited a vulnerability in Verizon's enterprise customer portal. Mr. Krebs says that some of the leaked data was offered in a format specific to MongoDB databases.