Security journalist Brian Krebs of KrebsOnSecurity
has learned that Verizon Enterprise Solutions, a unit of the telecommunications company that provides nearly every Fortune 500 company with IT security and services, has fallen victim to a cyber attack.
Krebs says that earlier this week, a prominent member of an underground cybercrime forum posted a thread offering up the contact information of 1.5 million Verizon Enterprise Solutions customers. The seller asked $100,000 for the entire collection but offered to sell smaller chunks of 10,000 records for $10,000 each. The seller is also offering up information regarding security vulnerabilities on Verizon’s website.
Verizon Enterprise Solutions confirmed to Krebs that it recently identified a security flaw that allowed attackers to steal customer contact information. The company said it is in the process of alerting affected customers via e-mail in which it said only basic contact information was affected. No customer proprietary network information (CPNI) or other data was accessed or accessible, Verizon added.