In San Francisco, California, records for more than 1.5M customers of Verizon Enterprise Solutions – Computer Security Wing – appeared for sale earlier this week. This Verizon unit aids large corporations when they’ve been the victims of a hack, now the unit itself has been breached.
According to Brian Krebs, a respected computer security writer, the entire database was offered up for $100,000 on a “closely guarded underground cybercrime forum,” or in increments of 100,000 records for $10,000 apiece. Buyers were also offered the option to purchase information about security vulnerabilities in Verizon’s Website.
In an emailed statement, the company said, “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”
The company noted that no data about consumer customers was involved.
It’s ironic that, each year, Verizon Enterprise Solutions writes one of the most widely-read annual data breach investigation reports, and this event will be scrutinized by the computer security community.
The attack “shows that even those that report security vulnerabilities are susceptible to exploits,” said Brad Bussie, director of product management for STEALTHbits Technologies.
“With 99% of the Fortune 500 using Verizon Enterprise Solutions, the compromise of 1.5 million customers’ contact details could prove a huge payday for hackers. Stealing contact information doesn’t have the immediate payoff of a credit card number, but in the long term can be extremely lucrative if leveraged correctly,” said Vishal Gupta, CEO of the security company Seclore.
While the breach only included basic contact information about Verizon Enterprise Solutions customers, it’s of concern because of who those customers were, said Dodi Glenn, vice president of cyber security at PC Pitstop.
“A lot of Fortune 500 companies use Verizon Enterprise Solutions – makes you wonder if some of those who purchased the data may have plans to use the information to start phishing attacks, since it contains information from companies with lots of money,” he said.
Read Article (Elizabeth Weise | usatoday.com | 03/25/2016)
Obviously, some of the largest enterprises and companies have maintained an “invincibility” complex, even in the face of breaches over recent years. Businesses should not subscribe to the “if it ain’t broke don’t fix it” saying and be more proactive about their security.
Master Level High-Tech Webinars