Verizon Enterprise Solutions, the telecom giant’s business-to-business (B2B) unit that functions as a defacto anti-breach unit that usually warns others of data breaches, was ironically the target of a breach itself. The breach saw some 1.5 million customers of Verizon Enterprise affected. The data has been put up on sale on an underground cybercrime forum.
Prominent security researcher and journalist Brian Krebs has revealed that Verizon Enterprise, the unit of Verizon that routinely aids global firms in the area of security and data breaches is now suffering one, of its own.
KrebsOnSecurity has also revealed that a ‘prominent’ member of an underground cybercrime forum has advertised the sale of a database that houses the information of the 1.5 million affected customers.
The hacker(s) who stole the information has put it up for sale, as a whole, for $100,000. The seller has also offered blocks of the information, with 100,000 records each, for $10,000 each.
In a statement, the company said:
Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker [who] obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.
Beyond the sale of the contact data, the seller also offered information about security vulnerabilities in Verizon’s website, for a price.
As mentioned earlier, there is notable irony in the security incident which sees Verizon Enterprise, a unit that typically educates others about security breaches, to be at the receiving end of a data breach. Krebs makes light of this in mentioning the unit’s annual Data Breach Investigation Report that serves as an informational industry reference about security and data breaches.
The incident could is certain to be a source of great embarrassment for the company, as Verizon Enterprise counts 99 percent of the Fortune 500 companies among its clientele. The information, if purchased by other cybercriminals can be used for spear phishing scams and social engineering attacks that target the wealthy list.
Featured image from Shutterstock.