In a statement to Krebs, Verizon confirmed the breach, but didn’t offer specifics on how many customers were effected or the nature of the hack.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” Verizion told KrebsOnSecurity.com. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Now the contact information is being sold on a “closely guarded underground cybercrime forum.” As KrebsOnSecurity.com notes:
The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece.
With the contact information of highly valuable Verizon Enterprise Solutions customers, an attacker could launch a massive phishing campaign, potentially tricking someone into giving up their username and password.
Photo via Mike Mozart/Flickr (CC BY 2.0)