More than 1.5 million Verizon Enterprise customers had their contact information leaked on an underground cybercrime forum this week, according to Brian Krebs, cybersecurity blogger. The company had identified a security flaw in its site that permitted hackers to steal customer contact information, and that it is in the process of alerting affected customers.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company told KrebsOnSecurity in an emailed statement. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
The irony in this breach, according to Krebs, is that Verizon Enterprise Solutions—the B2B unit of the telecommunications giant who serves most of the Fortune 500—is typically the one telling the rest of the world how these sorts of breaches take place. Krebs frequently recommend Verizon’s annual Data Breach Investigations Report (DBIR) because each year’s is chock full of interesting case studies from actual breaches, case studies that include hard lessons which mostly age very well (i.e., even a DBIR report from four years ago has a great deal of relevance to today’s security challenges).
Read the full report at KrebsonSecurity.com