Verizon 3M Data Leak, Who, When & Why

A few days ago the media went wild with reports that 3 million Verizon WiFi accounts had been accessed and leaked, well this was very falsely reported in many ways.


First lets start with TibitXimer who has since either closed down or changed names of the twitter account, they claimed they had hacked Verizon and obtained this data on the some time around the 22nd and had contacted ZDNet to give an exclusive. Since then i have been contacted by a hacker who i followed closely this year (c0mrade) while they were doing some very high profile attacks and caused a lot of controversy that made many headlines throughout the cyber security world. pablo-neruda-comradeisgod-on-twitter2


They had contacted me and stated that this data was actually obtained early August 2012 and that Verizon already knew about this and the fact the data was actually up for sale way back in august on a Russian forum. The forums username OptimusCrime had posted the following. (censored).

English: Price: $ 5000 You Get access to every customers’ details and every device in Verizon Which Has ITS under belt. Example: P / N = **** Name = Rita West Customer since – 2/*/ 02 Address = **DR, 1 Password = Crypted 4126551407FE11873910852040C / device access code with a Little reformatting: Email me @ [email protected] or [email protected]

c0mrade has pointed me in the direction of a person named Erica Payne which has a shared2 account which is said to be the core reason why this data was obtained. TibitXimer had to of obtained this data from c0mrade via the forums where c0mrade had uploaded it as user Mars in the form of a sample when he had planned to sell the complete leak. When the attack was done there was 3 files but since then due to circumstances the files have been erased and complete leak is gone.


For what ever reason this person was holding such data in a shared online environment it must be a dam good one otherwise Verizon has got a lot of questions coming its way from many people. Earlier today Verizon media contacted me via email and pretty much confirmed everything by stating that no internet systems were access, nothing was breached and that it was under investigation from months ago.

This is Bill Kula with Verizon media relations. Your Dec. 23 story didn’t include our statement provided Dec.22 to ZDNet, so am asking you to please include some, or all, of it in your online article. Thanks. “The ZDNet story is inaccurate. We take any attempts to violate consumer and customer privacy and security very seriously.  This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. Nonetheless, we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”


So the end story is, this Verizon leak is old, it was well known about within the hacker community and had been around since august.  Verizon is clearly still investigating this and would not comment any further on the story. Information Sources:– Example:

About the author: Lee J

Security Analyst, Developer, OSINT,

Comments are closed.