Hackers Steal Details of Verizon Enterprise Customers

Hackers reportedly stole the details of 1.5 million Verizon Enterprise customers after exploiting a vulnerability in the company’s website.

Verizon Enterprise Solutions is a division of Verizon Communications that specializes in designing, building and operating networks, IT systems and mobile technologies for businesses and governments.

According to security blogger Brian Krebs, a prominent member of an exclusive underground forum has been offering to sell a database storing the contact information of roughly 1.5 million Verizon Enterprise customers.

The complete database is offered for $100,000, but interested parties can also acquire sets of 100,000 records for $10,000. The seller has also offered information on vulnerabilities in Verizon’s website, Krebs said.

The database is available in multiple formats, including MongoDB. There have been many recent incidents in which misconfigured MongoDB databases exposed large numbers of sensitive records.

Verizon Enterprise representatives have confirmed that their website had been plagued by a vulnerability that allowed hackers to steal customer contact information, but have not specified how many customers are affected. The company noted that the attackers did not gain access to customer proprietary network information or other data. Affected clients will be notified.

“Today’s news highlights how much a priority application security is – particularly managing the web perimeter as this is almost always the easiest way to gain access to a company. It’s encouraging to see that Verizon Enterprise found and remediated the problem so quickly, however, the issue for most companies is the lack of insight into how large their perimeter actually is. In fact, over the last two years, we’ve found more than 350,000 websites that our customers didn’t even know they owned,” Chris Wysopal, co-founder and CTO of Veracode, told SecurityWeek.

“Most companies have a very difficult time managing this issue as it generally falls somewhere between the web team, marketing, regional teams and the security team … and that basically means no one is looking after it. This really is an area where expertise is required and often comes in the form of partnering with experts to manage,” Wysopal added.

Adam Levin, chairman and founder of IDT911, pointed out that it’s ironic how Verizon Enterprise, which usually investigates data breaches suffered by others, has now itself become a victim.

“Because of Verizon Enterprise’s security vulnerability, approximately 1.5 million customers of the company—which include some of the top Fortune 500 companies—are now at the mercy of cybercriminals who can sell stolen customer data on the black market,” Levin said via email. “As Verizon Enterprise is typically the one notifying the public how breaches take place, and the top security experts frequently recommend Verizon’s annual Data Breach Investigations Report, it’s extremely ironic, and unfortunately another sign of our times—as breaches have become the third certainty in life—that Verizon had a security vulnerability on their enterprise client portal. Customers who have been exposed are now prime targets for targeted phishing attacks.”


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
