Security journalist Brian Krebs of KrebsOnSecurity has learned that Verizon Enterprise Solutions, a unit of the telecommunications company that provides nearly every Fortune 500 company with IT security and services, has fallen victim to a cyber attack.
Krebs says that earlier this week, a prominent member of an underground cybercrime forum posted a thread offering up the contact information of 1.5 million Verizon Enterprise Solutions customers. The seller asked $100,000 for the entire collection but offered to sell smaller chunks of 10,000 records for $10,000 each. The seller is also offering up information regarding security vulnerabilities on Verizon’s website.
Verizon Enterprise Solutions confirmed to Krebs that it recently identified a security flaw that allowed attackers to steal customer contact information. The company said it is in the process of alerting affected customers via e-mail in which it said only basic contact information was affected. No customer proprietary network information (CPNI) or other data was accessed or accessible, Verizon added.
Krebs notes the irony of the breach as Verizon Enterprise Solutions is usually the one that tells the rest of the world how such breaches occur. Its annual Data Breach Investigations Report (DBIR) is highly regarded as even Krebs frequently recommends it.
If the data does fall into the wrong hands, it’s almost a given that companies on the list will become marks for phishing and other targeted attacks.