(Source: Jason Mick/DailyTech LLC)
ISP says no "breach" occurred, but that a small, mostly harmless leak did happen

The mystery is growing in the case of a hacker named TibitXimer, who claimed to have copied (probably illegally) 3 million records from Verizon Wireless's customer database (records that included passwords, names, home addresses, email addresses, and device serial numbers, all of which were stored in plaintext).

Initially, TibitXimer posted a subsection of the cache -- 300,000 entries -- to a Pastebin in typical hacker fashion. But the plot thickened when the Pastebin post was deleted, as noted by The Next Web, and the hacker's Twitter account was no longer listed as registered on Twitter (this indicates that he deleted his account or changed his name, as Twitter account suspensions typically yield a different error).

But then it came out that some of the accounts -- initially attributed to Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD) -- were actually Verizon FiOS subscribers.

And Verizon comments:

This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.

A security expert named Adam Caudill backs Verizon's claims, pointing out that much of the information first popped up in August, so the release last weekend was just a regurgitation of an old leak.

To be fair, TibitXimer himself/herself openly acknowledged in later posts that some of the data set came from FiOS subscribers, and the hacker always made it clear that the set was first obtained in July.


At this point there's not much to do, as there's no official route to seeing if your details were leaked. And to be fair to Verizon, whatever damage was done was not directly its own doing. But hopefully the incident serves as a wakeup call to Verizon Communications/Verizon Wireless not to callously hand customer records or data to third-party contractors without demanding rigorous security compliance.

Sources: The Next Web [1], [2]

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller
