A division of Verizon called Verizon Enterprise Solutions; known as the “go-to” company to help others who have experienced a data-breach, is now reeling from becoming victim of their very own data-breach.
KrebsonSecurity reported that the customer database of Verizon Enterprise Solutions was available for purchase for $100,000 as a full data-dump, or in 100,000 record chunks of the database for $10,000 a piece.
Krebs reports that Verizon has identified a security flaw in its own site that permitted hackers to steal customer contact information. It said that it was in the process of alerting affected customers. Verizon had not yet responded to questions posed by KrebsonSecurity about how the breach occurred, or exactly how many customers were being notified.
According to Verizon’s page at Wikipedia, some 99 percent of all Fortune 500 companies are using Verizon Enterprise Solutions. This means that potential buyers of the data will have a treasure trove of target information. The contact details of the IT staff alone would be ripe for spear-phishing attacks, and might even provide even more explicit information on technologies used within those companies – something a cyber criminal can exploit to leverage open a back-door into the IT environment itself.