1.5M Verizon Enterprise Records Stolen, For Sale On Hacker Forum

verizon_2583730b1.5 million Verizon Enterprise customer records have been stolen and are being sold on a  popular criminal hacking forum, according to reporting from investigative blogger Brian Krebs.

Verizon Enterprise Solutions is a telecom giant’s B2B division and provides IT services to large enterprises, including 97 percent of Fortune 500 companies. Ironically, Verizon Enterprise is a major provider of managed security services, including data breach protection services.

According to Krebs’s reporting, a trusted seller on an unnamed online criminal form is asking $100,000 for the full package of 1.5 million records but has also offered to sell the stolen goods piecemeal for the bargain price of $10,000 per 100,000 records. The seller is also offering buyers the option to purchase information about security vulnerabilities in Verizon’s website. When purchased, stolen records will come in MongoDB format.

When asked for comment, Verizon Enterprize told KrebsOnSecurity that the company “recently discovered and remediated a security vulnerability on our enterprise client portal,” and is currently notifying affected customers. According to a the emailed statement, Verizon’s investigation found that an attacker had “obtained basic contact information on a number of our enterprise customers,” but had not accessed customer proprietary network information (CPNI).

For cybercriminals, this kind of information is highly useful. Criminals can use stolen personal information to create convincing phishing messages—often the first stage of an attack, as in the case of the OPM breach, where attackers obtained access to a federal network by using a contractor’s stolen credentials, and then escalating their privileges and planting a backdoor in the network.

Prevent Data breaches with a strong Identity and Access Management (IAM) policy and solution. Check out Solutions Review’s all-new 2016 Identity Management Buyer’s Guide, featuring ten questions to ask before purchasing, a full market overview, and detailed profiles of the top 28 IAM  companies and solution backgrounds, key features, and best use cases. Download for free here. 

You may also be interested in the 2016 IAM Fact Book, a new comparative featuring vital data on each company’s maturity and longevity, business model, size, geographic reach, workforce, and more. Download for free here. 

Interested in CIAM? Check out Forresters new report, The CIAM Market Landscape, available for free here.

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff