Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)
Update Sunday 3:34 pm: In response to follow-up questions, Verizon spokesperson Alberto Canal informed this site last night:
Some were Verizon customers, most were not. In regards to the number of individuals, the total was about 10% of what was originally reported. In answer to your question about a vulnerability: No there was not. There was no vulnerability exploited. The data posted was related to 3rd Party Telemarketer Sales Lead Lists. That issue was addressed immediately once we were made aware of the issue.
Adam Caudill nailed this one correctly on Twitter when he said that the data were from a data dump in August and that it looked like it came from a marketing leads list. Emil Protalinski of The Next Web got pretty much the same statements I got from Verizon, but with this addition:
A third party marketing firm made a mistake and information was copied.
So it appears that it was never Verizon’s breach to begin with but a third party’s leak.
Another reminder not to just believe hacker’s claims.
Update Saturday 10:22 pm: Verizon just sent me the following statement:
“The ZDNet story is inaccurate. We take any attempts to violate consumer and customer privacy and security very seriously. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.
Nonetheless, we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”
From the This-Sounds-Embarrassing Dept., Charlie Osborne and Zack Whittaker report on a hack of Verizon FIOS by a hacker, @TibitXimer, who posted a statement on Pastebin:
Hope you all are enjoying your holidays, I just wanted you all to open a present early, so here is a database with a few hundred thousand customer records from Verizon’s FIOS Department! It includes serial numbers, names, addresses, date they became a customer, password to their account, phone numbers, etc…
The Press has been notified, here is the exclusive: http://www.zdnet.com/exclusive-hacker-accesses-3m-verizon-wireless-customer-records-7000009151/
More articles on the hack:
The hack reportedly occurred on July 12, and the hacker informed ZDNet that he went public because Verizon had ignored his report of the vulnerability he uncovered and did not fix it. I’m guessing Verizon might be scrambling right now to find @TibitXimer’s previous correspondence and to address it.
And yes, sadly, all the data were reportedly in clear text.
Update: ZDNet updated their article to include a statement from Verizon:
Verizon spokesperson Alberto Canal told ZDNet in an emailed statement: “We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked.”
There’s no statement yet from Verizon FIOS, so it’s important to note that although this breach may appear to be a legitimate claim, it has not been confirmed at this time.
Update 2: Verizon is investigating and says they’ll get back to me soon, so I’m still treating this as unconfirmed at this point, but I hope to have more info soon.