1.5 million Verizon Enterprise customer records up for sale online

Verizon says security flaw has been fixed and leaked customer details are "basic"

Hacking on keyboard

More than 1.5 million Verizon Enterprise customer records are being sold for $100,000 following a breach.

The activity was discovered when a member of an underground cybercrime forum posted a new thread appearing to advertise the sale of customer information from 1.5 million Verizon Enterprise customers, cybersecurity journalist Brian Krebs revealed.

Potential buyers could also purchase 100,000 records for $10,000, or information about applicable security vulnerabilities present in Verizon's site. The database can be bought in various formats, including the MongoDB database platform.

The company said the flaw it identified has now been fixed.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In an official statement, it said: "Verizon recently discovered and remediated a security vulnerability on our enterprise client portal.

"Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible."

Last year, Verizon warned companies that failing to patch old vulnerabilities would leave them open to malware and other cybersecurity issues.

Dodi Glenn, VP of cybersecurity at PC Pitstop, said: "While the breach itself is quite large, the information obtained was 'limited', according to Verizon, including only basic contact information. Apparently, no customer proprietary network information (CPNI) data was accessed, which is good news since contact information is considered a lot less valuable than CPNI or other confidential data. 

"Still, however, this should be a concern for many, since the breach happened to a company that is known for helping out other companies during data breaches. Additionally, a lot of Fortune 500 companies use Verizon Enterprise Solutions makes you wonder if some of those who purchased the data may have plans to use the information to start phishing attacks, since it contains information from companies with lots of money."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020