A recent thread posted on a guarded cybercrime forum advertised a database containing contact information for roughly 1.5 million Verizon Enterprise customers for sale at $100,000 for the lot, reports Krebs on Security.
Verzion confirmed in a statement that it had identified and fixed a flaw in its site, but not before hackers managed to steal data about its clients:
Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.
Ironically, Verizon Enterprise Solutions is known for responding to other companies’ data breaches and assisting in investigations and forensics. The company publishes an annual Data Breach Investigations Report with cases studies and insights on cyber crime, and has been named by Gartner as a leader in managed security services.
Of course, this incident doesn’t affect subscribers of Verizon’s mobile service, and even enterprise customers, who had only their contact information stolen, likely won’t be the target of further direct attacks.
However, those details could help attackers launching phishing scams. Verizon’s Wikipedia page says that 99 percent of Fortune 500 companies use its enterprise services.