In a typical scenario of the hunter getting hunted, Verizon Enterprise Solutions that takes pride in their ability to deal with data breaches has found itself at the receiving end of a massive incident of data theft.
In a new thread posted by a prominent member of a closely guarded underground cybercrime forum, the database containing details of about 1.5 million of Verizon Enterprise Solutions’ customers has been put up for online sale, reports KerbsOnSecurity. The asking price for the entire database is a cool $100,000 though eager buyers also have the option to buy the same in blocks of 100,000 records each priced at $10,000. That is not all for the seller is also eager to trade-in the vulnerabilities present in Verizon’s official site.
Verizon, in its response has stated they have covered up those flaws that existed in its systems but is yet to reveal any details about how the breach occurred in the first place. The telecommunication giant also has not stated how many of its clients have been notified.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company revealed in an email message sent to Kerbs. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Among the immediate fallout of the data breach is that those customers whose records have been compromised stand the risk of phishing or other such attacks. As Kerbs has put it, the database can be a rich source of information for those out to do mischief even if it is restricted to just contact information of Verizon Enterprise customers.
What makes the entire development interesting is that it is Verizon’s Enterprise Solutions that some of the biggest companies on the planet turn to for ways to deal with the aftermath of a data breach or for the means to prevent them.
Verizon also releases Data Breach Investigations Report (DBIR) each year which essentially is a collection of case studies of data security breaches happening in the industry. Besides serving as a warning others need to be wary of, the report is also a reminder of the kind of security risks that the hackers can pose.
The security division of the telecommunication company caters to about 99 percent of Fortune 500 companies.