Hacker Claims to Have Scooped 3M Verizon Customer Records, Verizon Denies
December 24, 2012 2:22 PM
(Source: Jason Mick/DailyTech LLC)
ISP says no "breach" occurred, but that a small, mostly harmless leak did happen
The mystery is growing in the case of a hacker named TibitXimer, who claimed to have copied 3 million records from Verizon Wireless's customer database (records which included passwords, names, home addresses, email addresses, and device serial numbers, all of which was stored in plaintext).
Initially, TibitXimer posted a subsection of the cache -- 300,000 entries -- to a Pastebin in typical hacker fashion. But the plot thickened when the Pastebin post was deleted (The Next Web), and the hacker's Twitter account was no longer listed as registered on Twitter (this indicates he deleted his account, or changed his name, as typically Twitter account suspensions yield a different error).
But then it came out that some of the accounts -- initially attributed to Verizon Communications Inc. and Vodafone Group Plc. -- were actually Verizon FiOS subscribers.
And Verizon comments:
This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.
A security expert named
backs Verizon's claims, pointing out that much of the information first popped up in August, so the release last weekend was just a regurgitation of an old leak.
To be fair, TibitXimer himself/herself openly acknowledged in later posts that some of the data set came from FiOS subscribers, and the hacker always made it clear that the set was first obtained in July.
At this point there's not much to do, as there's no official route to seeing if your details were leaked. And to be fair to Verizon, whatever damage was done was not directly its own doing. But hopefully the incident serves as a wakeup call to Verizon Communications/Verizon Wireless not to callously hand customer records or data to third party contractors without demanding rigorous security compliance.
The Next Web 
RE: Oh, did we forget to mention the important bit?
12/26/2012 12:57:31 PM
And thinking "outside the box" includes giving access to our passwords to third party groups? Ok.
RE: Oh, did we forget to mention the important bit?
12/26/2012 1:53:03 PM
A good security system doesn't even store your password. It stores a hash - the result of a one-way mathematical function performed on your password. You type in the password, it runs it through the hash algorithm, and compares that hash with the one it has stored. If they match, then you typed in the correct password.
A better security system salts the password (adds some unique characters) before hashing. So unless you also know the salt, you can't even brute force the passwords with a rainbow table attack (that's where you do something like run every word in the dictionary through the hash algorithm and compare the resulting hashes with those you've stolen).
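The two storage schemes described in the comment above, as an added example that is not part of the article or of any comment on it. It goes one step beyond the comment by using PBKDF2, a deliberately slow salted hash, instead of a single hash pass, and it shows that with a per-user salt two users with the same password no longer share a stored value. The account names, passwords, iteration count and salt length are constructed for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this illustration
SALT_BYTES = 16              # assumed salt length


def unsalted_hash(password):
    """The first scheme in the comment: a bare one-way hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """The second scheme: a random per-user salt, stored beside the hash."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS,
            "hash": digest.hex()}


def verify(password, record):
    """Re-derive the hash from the typed password; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def repeated_values(stored):
    """Count stored hashes that duplicate another user's stored hash."""
    stored = list(stored)
    return len(stored) - len(set(stored))


# Constructed sample accounts: alice and bob chose the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse",
            "carol": "tr0ub4dor&3"}
UNSALTED = {user: unsalted_hash(pw) for user, pw in ACCOUNTS.items()}
SALTED = {user: make_record(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", repeated_values(UNSALTED.values()))
    print("salted duplicates:",
          repeated_values(r["hash"] for r in SALTED.values()))
    print("correct password:", verify("correct horse", SALTED["alice"]))
    print("wrong password:", verify("correct horse!", SALTED["alice"]))
```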