A BreachForums user under the alias IntelBroker claims to have posted the customer data of Verizon Communications on the forum. The threat actor has claimed to have access to a database of 7.5 million Verizon customer records. Verizon has verified the data on the request from The Cyber Express.
According to their initial review of this matter, the data appears to be obtained approximately two weeks ago when a Verizon vendor experienced a security breach, Verizon spokesperson Richard Young told The Cyber Express.
“This vendor creates videos for Verizon to assist customers with billing-related questions. The vendor had access to customer first names, device types, and service plans. The vendor did not have access to Social Security numbers, credit card numbers, or other personally identifiable customer information,” Young said.
We have severed this vendor’s access to our systems and suspended use of their services. Our review of this matter continues.”
Commonly known as Verizon, the American multinational telecommunications conglomerate is a corporate component of the Dow Jones Industrial Average. According to Statista, Verizon has a retail customer base of approximately 143 million subscribers in 2021.
“In January 2023, a database of 7.5 million customers belonging to the Verizon was stolen by hackers,” claimed the post by IntelBroker. A sample of the hashed data posted indicates mobile and online subscription details.
The post, made on Friday, had the link to download the entire data tranche. IntelBroker’s present avatar has been active on the forum since October 2022. Its previous targets include Autotrader, Volvo, Hilton Hotels, and AT&T.
Verizon and data breaches
Independent researchers were analysing the sample data at the time of publishing this report. If the tranche turns out to be authentic, this would be the company’s second major data breach in the past 12 months.
Verizon in May 2022 confirmed a data breach where the full names, email addresses, corporate ID numbers, and phone numbers of Verizon employees were compromised. According to a report from Motherboard, the data was shared with the publication by the hacker who reached out to them.
The company popped up in cybersecurity news over a data breach five years before that.
In 2017, the telecommunication company conceded that the personal data of 6 million customers had been leaked online. The leak was caused by a misconfigured security setting on a cloud server, which was the result of “human error.
The data, which included customer phone numbers, names, and some PIN codes, was publicly available online due to a mistake made by NICE Systems, an Israel-based company that Verizon was working with to facilitate customer service calls.
The data of telecommunication users was collected over a period of six months, and Verizon closed the security hole on June 22.