Verizon's Anti-Hacking Team Was Hacked

Verizon's anti-hacking team, a collective tasked with helping big-name companies hit by major data breaches, has itself become the victim of data theft. According to a new report, the Verizon Enterprise Solutions unit had data stolen on about 1.5 million customers, all of which went up for sale on an unspecified online cybercrime forum. The seller sought $100,000 in exchange for the database, or $10,000 for a 100,000-person sliver of it.

The information comes from Krebs on Security, where he says the database went up for sale on "a closely guarded underground cybercrime forum." The data belongs to Verizon Enterprise Solutions customers — the service provider's unit worked with Fortune 500 companies, perhaps making the breach all the more severe.

In a statement to Krebs, Verizon said:

Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.

It isn't clear exactly what kind of contact details the database contains, though it likely has email addresses which leave the individuals exposed to phishing attempts. Phishing emails often prove successful, tricking someone into turning over data on others or into providing log in details that give hackers access to a new network. Seagate recently disclosed that it was the victim of such a hack, with someone managing to get a bunch of worker W2 forms using an email.

SOURCE: Krebs on Security