Verizon Enterprise Solutions – a B2B division of the telecommunications company that provides data breach response services – is reportedly facing a breach of its own. According to a report by investigative journalist Brian Krebs, a database containing the contact information of approximately 1.5 million Verizon Enterprise customers was found for sale on the Dark Web earlier this week. An advertisement for the stolen information was seen posted by “a prominent member of a closely guarded underground cybercrime forum,” said Krebs, who noted the seller offered the entire package for a total of $100,000, or 100,000 records for $10,000 apiece. Additionally, Krebs said the hacker also offered to sell information about the security vulnerabilities found in Verizon’s Web site. Verizon Enterprise Solutions acknowledged the incident, stating:
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
The company did not disclose how many customers were impacted in the breach but said affected clients would be notified. “The irony in this breach is that Verizon Enterprise is typically the one telling the rest of the world how these sorts of breaches take place,” wrote Krebs. “It’s a fair bet that if cyber thieves buy all or some of the Verizon Enterprise customer database, some of these customers may be easy marks for phishing and other targeted attacks,” he said. Verizon Enterprise claims to serve 97 percent of the Fortune 500 companies. “Even if it is limited to the contact data for technical managers at companies that use Verizon Enterprise Solutions, this is bound to be a target-rich list,” warned Krebs.