A self-proclaimed hacker going by the name TibitXimer on Saturday leaked some 300,000 Verizon Wireless customer records after breaching the company’s security systems. He downloaded an estimated 3 million customer entries from Verizon’s database on July 12, but only leaked a portion of them today after the carrier failed to respond to his inquiries about its security issues, according to ZDNet.
Update: The hacker now says the records are for Verizon FiOS customers, not Verizon Wireless. Verizon has denied the hacker’s allegations and has disappeared from Twitter. See below for details.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
“I might leak the rest later,” he told ZDNet, which first broke the story. “The worst part of it all, every single record was in plain text,” he said. “I did not have to decrypt anything.” He also said he didn’t understand why the security holes allowing him to gain root access to the servers in question haven’t been plugged, even though he informed the company about them months ago.
Over on Pastebin, TibitXimer shared a bit more information about what exactly the records contain:
Hope you all are enjoying your holidays, I just wanted you all to open a present early, so here is a database with a few hundred thousand customer records from Verizon Wireless! It includes serial numbers, names, addresses, date they became a customer, password to their account, phone numbers, etc…
He has uploaded the leak on SpeedyShare in the form a 279MB text file. At the time of writing it has already been reshared on various mirrors.
A quick look at his Twitter account shows TibitXimer has been preparing to make the leak for hours today, after sitting on the data for months:
@truthizsexy sent him a tweet, need quite a bit of space, will do 300,000+ customers info tonight
— Tibit (@TibitXimer) December 22, 2012
He was worried that the leak would result in a suspension on Twitter, after what happened to the YourAnonNews account this week:
Just watch me get suspended from Twitter after publishing the hack, it only includes a few million customers private info >.<
— Tibit (@TibitXimer) December 22, 2012
We have contacted Verizon about the alleged breached. We will update if we hear back.
Update at 8:20PM EST: “Thanks for reaching out to us to inquire about this story,” a Verizon spokesperson told The Next Web. “The ZDNET story about alleged exposure of Verizon Wireless customer account information is wrong. We have examined the posted data and have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked, and we have asked ZDNet to correct their story.”
Update at 10:15PM EST: Verizon sent along a second statement. Here it is in full:
The ZDNet story is inaccurate. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
Update at 11:30PM EST: TibitXimer’s Twitter account has disappeared. Although he said he might be suspended, the account is simply not present on Twitter, suggesting he either deleted it or changed his handle. Before this happened, however, TibitXimer claimed that the leak was actually for Verizon FiOS customers, not Verizon Wireless as he originally stated. This makes more sense given the alleged figures he’s claiming but Verizon is insistent that it has not been hacked.
Image credit: Joakim Buchwald