Dec 222012
 

Update Sunday 3:34 pm:  In response to follow-up questions, Verizon spokesperson Alberto Canal informed this site last night:

Some were Verizon customers, most were not. In regards to the number of individuals, the total was about 10% of what was originally reported. In answer to your question about a vulnerability: No there was not. There was no vulnerability exploited. The data posted was related to 3rd Party Telemarketer Sales Lead Lists. That issue was addressed immediately once we were made aware of the issue.

Adam Caudill nailed this one correctly on Twitter when he said that the data were from a data dump in August and that it looked like it came from a marketing leads list. Emil Protalinski of The Next Web got pretty much the same statements I got from Verizon, but with this addition:

A third party marketing firm made a mistake and information was copied.

So it appears that it was never Verizon’s breach to begin with but a third party’s leak.

Another reminder not to just believe hacker’s claims.

Update Saturday 10:22 pm:  Verizon just sent me the following statement:

“The ZDNet story is inaccurate. We take any attempts to violate consumer and customer privacy and security very seriously. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.

Nonetheless, we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”

Original story:

From the This-Sounds-Embarrassing Dept., Charlie Osborne and Zack Whittaker report on a hack of Verizon FIOS by a hacker, @TibitXimer, who posted a statement on Pastebin:

Hope you all are enjoying your holidays, I just wanted you all to open a present early, so here is a database with a few hundred thousand customer records from Verizon’s FIOS Department! It includes serial numbers, names, addresses, date they became a customer, password to their account, phone numbers, etc…

The Press has been notified, here is the exclusive: http://www.zdnet.com/exclusive-hacker-accesses-3m-verizon-wireless-customer-records-7000009151/

More articles on the hack:
http://thenextweb.com/insider/2012/12/23/hacker-claims-to-have-swiped-3m-verizon-customer-records-stored-in-plain-text-leaks-10-as-proof/
http://gizmodo.com/5970814/hacker-leaks-300000-version-customer-records-and-claims-to-have-millions-more

The hack reportedly occurred on July 12, and the hacker informed ZDNet that  he went public because Verizon had ignored his report of the vulnerability he  uncovered and did not fix it.  I’m guessing Verizon might be scrambling right now to find @TibitXimer’s previous correspondence and to address it.

And yes, sadly, all the data were reportedly in clear text.

Update: ZDNet updated their article to include a statement from Verizon:

Verizon spokesperson Alberto Canal told ZDNet in an emailed statement: “We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked.”

There’s no statement yet from Verizon FIOS, so it’s important to note that although this breach may appear to be a legitimate claim, it has not been confirmed at this time.

Update 2: Verizon is investigating and says they’ll get back to me soon, so I’m still treating this as unconfirmed at this point, but I hope to have more info soon.

  2 Responses to “Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)”

  1. Stole my credit card number and charged up $1,000s in August.
    The bank does not know how they got the info.
    I have Verizon FIOS and live in PA.
    And I keep getting phony Phone calls everyday.
    Verizon I need a notice so I can file a fraud report.

  2. There were no credit card numbers or financial data in the August data dump – or this one. Verizon says it was a marketing sales leads list in the possession of another company that got leaked and copied – not one of their customer databases from their servers.

    It would seem that Verizon is likely not the source of the fraudulent charges you incurred in August, but there were so many breaches this year that it may be hard to know how/where your details got compromised.

    Did you ask your bank whether they got fraud reports from other customers at around the same time you first reported your problem? There may be a local merchant who had gotten compromised. If so, the bank would likely also have received reports from others. Or if you ever re-used passwords, one of the humongous hacks this year may have given criminals your password to accounts that could lead to your details. There’s so many ways this could have happened.

    If you haven’t filed a police report already, you should – to create a record that you reported this not only to your bank but to the police.

Sorry, the comment form is closed at this time.