Verizon Enterprise Solutions, the B2B division of the telecommunications company that caters to government agencies and Fortune 500 companies, which offers services including helping those organizations respond to data breaches, has experienced a massive data breach of its own, reports Krebs on Security.
“Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise,” Krebs on Security writes. “The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s website.”
At the time of this writing it is unknown which specific Verizon Enterprise Solutions customers had their data breached in the hack, but Verizon has confirmed that it is in the process of contacting affected customers. However, given that Verizon boasts that 99% of Fortune 500 companies use Verizon Enterprise Solutions, it could be expected that some very big names have had their data stolen.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” a company spokesperson said in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Krebs on Security says that the seller of Verizon’s hacked data is offering the database in multiple formats, including MongoDB, which the site theorizes the hackers “somehow forced the MongoDB system to dump its contents.”
So far nothing has been made public on who carried out the hack, but ironically, Krebs on Security notes, Verizon’s own 2015 Data Breach Investigations Report (DBIR), in which it offers case studies of data breaches to clients, says that Verizon Enterprise found that organized crime groups were the most frequent perpetrator of hacks of this type.
As for what buyers of the hacked information could do with the data, Krebs on Security notes that those Verizon Enterprise Solutions customers could be vulnerable to phishing and other targeted attacks.