1.5M Verizon Enterprise customer records selling on forum after breach
Unfortunate 500 among biz to get bad news letter
Some 1.5 million Verizon Enterprise customer records have been stolen and are being sold on a criminal hacking forum, according to reports.
A trusted seller on a popular but shadowy unnamed criminal forum asked for US$100,000 for the database or US$10,000 for batches of 100,000 records, investigative blogger Brian Krebs reports.
Verizon Enterprise counts 99 percent of the Fortune 500 among its customer base.
The company has been contacted for comment.
Verizon told Krebs it had found and fixed a vulnerability in its enterprise client portal and is contacting customers.
“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information or other data was accessed or accessible,” the company says.
The unnamed seller is also reportedly selling vulnerabilities in the Verizon website. Buyers will receive the stolen databases in MongoDB format.
The information will be useful in crafting personalised, and therefore more enticing, phishing messages, which is a crucial first step in many attacks against enterprises. ®