1.5 million Verizon Enterprise customer records up for sale online

29 Mar, 2016

Verizon says security flaw has been fixed and leaked customer details are "basic"

More than 1.5 million Verizon Enterprise customer records are being sold for $100,000 following a breach.

The activity was discovered when a member of an underground cybercrime forum posted a new thread appearing to advertise the sale of customer information from 1.5 million Verizon Enterprise customers, cybersecurity journalist Brian Krebs revealed.

Potential buyers could also purchase 100,000 records for $10,000, or information about applicable security vulnerabilities present in Verizon's site. The database can be bought in various formats, including the MongoDB database platform.

The company said the flaw it identified has now been fixed.

In an official statement, it said: "Verizon recently discovered and remediated a security vulnerability on our enterprise client portal.

"Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible."

Last year, Verizon warned companies that failing to patch old vulnerabilities would leave them open to malware and other cybersecurity issues.

Dodi Glenn, VP of cybersecurity at PC Pitstop, said: "While the breach itself is quite large, the information obtained was 'limited', according to Verizon, including only basic contact information. Apparently, no customer proprietary network information (CPNI) data was accessed, which is good news since contact information is considered a lot less valuable than CPNI or other confidential data. 

"Still, however, this should be a concern for many, since the breach happened to a company that is known for helping out other companies during data breaches. Additionally, a lot of Fortune 500 companies use Verizon Enterprise Solutions – makes you wonder if some of those who purchased the data may have plans to use the information to start phishing attacks, since it contains information from companies with lots of money."

Read more about