Verizon Enterprise Solution has fallen victim to a serious security breach, according to Krebs On Security. Earlier this week contact details of more than 1.5 million of its customers were put up for sale on a Dark Web forum. As this branch of the company mainly handles B2B operations, the data is likely to belong to business customers.
The seller is asking $100,000 (about €89,500) for the entire database, which seems high in comparison to the usual rates in this environment. The inflated price probably reflects the higher value of data relating to business customers like big corporations—over 99% of Fortune 500 companies are Verizon customers, as Krebs on Security points out. Or perhaps the seller is putting the squeeze on Verizon to pressure the company into buying back its own data.
Apparently the leak only relates to contact information, which could be used to carry out phishing, investment fraud or other internet scams targeting the companies.
Considering the formats being offered to whoever buys the database, the leak could come from a MongoDB database management system. Often accessible through the specialist search engine Shodan, several badly configured databases of this type such as those of Hello Kitty and VTech have already suffered major hacking incidents this year.
Verizon says the security breach has since been repaired.