The enterprise unit of telecommunications company Verizon continues to deal with the fallout of hackers posting its customer contact data for sale online.
According to Krebs on Security, Verizon Enterprise Solutions is aware that a seller on an underground cybersecurity forum advertised the sale of a database containing data from nearly 1.5 million of its customers for $100,000 or sections of 100,000 records for $10,000 each.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” Verizon Enterprise Solutions said in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Verizon Enterprise Solutions claims that 97 percent of Fortune 500 companies use its services, meaning the firm’s customers may end up being big marks for phishing and other targeted attacks, Krebs added.
Buyers also were reportedly offered the ability to purchase information surrounding the security vulnerabilities impacting Verizon’s website.
“Verizon has not yet responded to questions about how the breach occurred or exactly how many customers were being notified,” Krebs said.
“The irony in this breach is that Verizon Enterprise is typically the one telling the rest of the world how these sorts of breaches take place. I frequently recommend Verizon’s annual Data Breach Investigations Report (DBIR) because each year’s is chock-full of interesting case studies from actual breaches, case studies that include hard lessons which mostly age very well,” he added.