Verizon Enterprise Solutions has suffered a data breach due to a security flaw, with hackers gaining access to the personal information of at least 1.5 million customers.
For those who don't know, the culprit's target is an arm of Verizon that provides various services to businesses and government bodies, including cloud hosting and computing and online security. It's also the go-to division of 99 percent of Fortune 500 companies in the event of an infiltration in their systems, the carrier claims. As everyone can imagine, this is quite an unexpected development.
Immediately after the theft, the cybercriminal reportedly put the stolen information up for sale on an underground hacking forum, pricing the whole database at $100,000 and offering an option of 100,000 customer records at $10,000 per batch.
The incident made headlines when Brian Krebs made a post about it on his cyber security-focused blog Krebs on Security. He then got in touch with Verizon Enterprise to let it know about the ad, and according to the company, it recently spotted the flaw in question and started to inform the clients who are affected by the breach.
"Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible," Verizon Enterprise tells Krebs via email.
Krebs continued to explain that the felon is offering the database in different formats, pointing out that it was available in MongoDB. That means there's a high possibility that the cybercriminal managed to force a MongoDB database at Verizon to dump its content, Krebs surmises.
Verizon has yet to confirm the definitive number of affected customers, explain how the cyberattack happened and what exactly was stolen – or whether or not it was more than just basic information of the victims. Just to be clear, subscribers of the carrier don't have to worry about the incident.