Verizon Enterprise Solutions offers IT security services to some big MNC’s and government agencies. It’s an embarrassing situation for the company as a hacker recently exploited a security vulnerability on its enterprise client portal to steal contact information of customers.
Not only the hacker breached the security of Verizon Enterprise, but also he/she is now offering to sell the database of 1.5 million Verizon Enterprise clients. However, Verizon said the hacker didn’t gain access to CPNI (Customer Proprietary Network Information) or any other data.
The telephone companies collect CPNI including the date, time, duration and destination number of each call and the network type. The hacker could have used that information for malicious purposes.
According to KrebsOnSecurity:
“The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.”
The Verizon Enterprise database is being offered in multiple formats by the hacker, including the database platform MongoDB. It looks as if the hackers forced the MongoDB system to dump its contents.
A Verizon Enterprise spokesperson told KrebsOnSecurity:
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”
The telecom giant has already identified and fixed the security vulnerability in its enterprise client portal that let attackers gain access to the database of 1.5 million customers. You don’t need to worry because only basic contact info was stolen.
The company said that you don’t need to worry about identity theft or credit card fraud. However, the stolen data from Verizon Enterprise could be used for phishing scams and other attacks.