A trove of data containing the information of over 1.5 million Verizon customers is now up for sale on the darknet. A prominent hacker found and exploited a hole in the servers of Verizon Enterprise Solutions, the part of the company tasked with helping others respond to security threats. He’s now selling access to the entire database for $100,000, or $10,000 for slices of 100,000 customers. You can also fork over an undisclosed sum for information on the vulnerabilities that allowed the hacker to break into Verizon’s systems in the first place.
The price may seem a little steep considering the hacker only nabbed basic contact information — so no Social Security or bank account and routing numbers. But you’d be surprised by how quickly phishing scams can yield major paydays. Think you’re invulnerable? In a CBS News test of close to 20,000 people last year, 80 percent of participants fell for at least one of the sample phishing scams. Verizon itself reports that 23 percent of people who receive phishing emails open them, and 11 percent open the emails and click on the malicious link.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement to Krebs on Security, which originally broke the news of the hack. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
A typical company with 1,000 employees already spends $3.7 million annually to deter phishing scams. Now, Verizon has opened its customers up to a world of new threats, and, considering the mark was Verizon Enterprise Solutions, the victims are mostly corporate officials that paid for security help. So companies that brought Verizon in to help avoid the threat of hackers are finding themselves at greater risk than ever before.
Lucky for us, the irony of the situation was not lost on the internet: