Verizon Enterprise data hacked, being sold online

Oh, the irony. Verizon Enterprise Solutions, a company which usually teaches other companies how to protect themselves from data breaches, has been breached.

Not only that, but the data stolen (personal data of some 1.5 million customers) is being sold online for $100,000 (£70,700).

The breach, and the selling of data, was first spotted by security researchers at Krebs on Security, saying they spotted a hacker posting a new thread on a closely guarded underground cybercrime forum.

In the thread, the hacker advertised the sale of the database containing the 1.5 million Verizon Enterprise Solutions customers’ data, for $100,000. He also said he could sell the database in smaller chunks, of 100,000 records for $10,000 apiece.

Verizon Enterprise confirmed to KrebsOnSecurity that it has been breached, and said that it is in the process of alerting affected customers.

“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement to KrebsOnSecurity. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

The database is apparently being sold in a couple of different formats, including MongoDB, which leads researchers to believe that the hackers somehow managed to force the MongoDB system to release its contents.

Verizon is still being quiet on how the breach occurred, and is yet to say how many customers it had notified so far.