March 28, 2016 by

Verizon’s Incident Response Division is Breached

Verizon’s B2B unit, Verizon Enterprise Solutions was hit by hackers. The breach saw over 1.5 million customers’ data stolen from a unit of Verizon that provides cybersecurity solutions and consulting to a majority of the Fortune 500 companies.

Verizon Enterprise Solutions, the unit that gets called by many among the Fortune 500 when a data breach occurs is now recovering from its own data breach. The news first broke during reporting by independent cybersecurity researcher Brian Krebs.

The hacker or the hacker outfit gained access to the unit before stealing the data and then offering it up for sale on an underground cybercrime forum, as discovered by Brian Krebs.

A post on KrebsOnSecurity read:

Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The entire package was offered on sale for $100,000. Parts of it in clusters of 100,000 contact details was being offered for $10,000 each. Buyers were also given the option to pay for information on vulnerabilities discovered by the hacker on Verizon’s website.

Speaking to the security blogger, the company admitted that it had identified a “security flaw” recently. The flaw had allowed hackers to gain access to customer contact information. The company also revealed that it is reaching out to affected customers to inform them of the breach.

In an emailed statement, Verizon added:

“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

The data was sold in multiple formats including MongoDB, the database platform. This offers clues confirming the possibility that the attackers may have forced the MongoDB system in order to dump its contents.

Beyond its statement, Verizon has not revealed any further details about the number of customers impacted or how the breach occurred.

Verizon Enterprise is popular for its annual Data Breach Investigations Report, also known as DBIR in the industry.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data...

Read more arrow_forward