More than 1.5 million customers of Verizon have had their data exposed to potential compromise after a treasure trove of personally identifiable information were sold on a an underground cyber crime forum.
Bryan Krebs, a veteran journalist in the field of technology and computer security, was the first to report on what he found as a wholesale trade of a vast amount of data. Verizon Enterprise Solutions admits to the incident and adds that it has already begun disseminating alerts to its customers about the potential breach.
The whole database of information is now up for sale for $100,000, and includes security flaws and exploits in the website of Verizon Enterprise Solutions. The company, however, was quick to make it clear that only the customers’ names and email addresses have been leaked to the cyber crime forum and that it had already patched the security loophole that helped the attackers gain access to the data.
Verizon Enterprise Solutions addressed the situation on its enterprise client portal shortly after the discovery of the personal data on sale. The company describes the breach as only involving basic information, as though the stolen data were of little value and do not deserve much concern from the owners. Fortunately, the hack did not include any customer proprietary network data.
There are speculations that a hack into the MongoDB cross-platform document database has led to the data theft of Verizon customers because the cyber crook is offering the information in several formats, including MongoDB.
There are various implications resulting from the Verizon Enterprise Solutions data breach, since it does business with majority of the Fortune 500 companies and government agencies as well. That could mean a lot of things for the business community. But a more serious implication is that the stolen data may be used to spread social engineering, spam campaign, phishing attacks and ransomware tactics to the employees of the businesses that may be affected by the Verizon breach.
The breach also has drawn some ironic conclusions, chief of them the irony that Verizon issues an annual report that provides details about the patterns of cyber threats and attacks of the previous year, but nonetheless failed to protect its own enterprise and customer data. Injection vulnerability is suspected to be the attack vector used by the hacker who penetrated the Verizon security wall. But it’s a lesson, after all, that cyber attacks do not discriminate their victim, whether it’s a startup or a well-established company.