Hacker Claims to Have Scooped 3M Verizon Customer Records, Verizon Denies
December 24, 2012 2:22 PM
comment(s) - last by
(Source: Jason Mick/DailyTech LLC)
ISP says no "breach" occurred, but that a small, mostly harmless leak did happen
The mystery is growing in the case of a hacker named TibitXimer, who claimed to have copied (
) 3 million records from Verizon Wireless's customer database (records which included passwords, names, home addresses, email addresses, and
device serial numbers
all of which was stored in plaintext).
Initially, TibitXimer posted a subsection of the cache -- 300,000 entries -- to a Pastebin in typical hacker fashion. But the plot thickened when the Pastebin post was deleted,
The Next Web
, and the hacker's Twitter account was no longer listed as registered on Twitter (this indicates he deleted his account, or changed his name, as typically Twitter account suspensions yield a different error).
But then it came out that some of the accounts -- initially attributed to Verizon Communications Inc. (
) and Vodafone Group Plc. (
) -- were actually
Verizon FiOS subscribers
And Verizon comments:
This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.
A security expert named
backs Verizon's claims, pointing out that much of the information first popped up in August, so the release last weekend was just a regurgitation of an old leak.
To be fair, TibitXimer himself/herself openly acknowledged in later posts that some of the data set came from FiOS subscribers, and the hacker always made it clear that the set was first obtained in July.
At this point there's not much to do, as there's no official route to seeing if your details were leaked. And to be fair to Verizon, whatever damage was done, was not directly its own doing. But hopefully the incident serves as a wakeup call to Verizon Communications/Verizon Wireless not to callously hand customer records or data to third party contractors without demand rigorous security compliance.
The Next Web 
This article is over a month old, voting and posting comments is disabled
RE: Oh, did we forgot to mention the imporant bit?
12/26/2012 1:53:03 PM
A good security system doesn't even store your password. It stores a hash - the result of a one-way mathematical function performed on your password. You type in the password, it runs it through the hash algorithm, and compares that hash with the one it has stored. If they match, then you typed in the correct password.
A better security system salts the password (adds some unique characters) before hashing. So unless you also know the salt, you can't even brute force the passwords with a rainbow table attack (that's where you do something like run every word in the dictionary through the hash algorithm and compare the resulting hashes with the those you've stolen).
“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls
Goatse Security iPad Hacker Found Guilty, Faces up to Five Years in Prison
November 21, 2012, 2:42 PM
Verizon Names Updated Internet Tiers "FiOS Quantum," Releases Pricing
June 18, 2012, 1:21 PM
AT&T's Gaping Hole Exposes 114,000 iPad 3G Buyers' Email Addresses
June 9, 2010, 5:55 PM
New Photos Show “Assembled” iPhone 6, Protruding Camera Ring
August 20, 2014, 2:32 PM
ZTE Nubia 5S mini LTE 4.7" Smartphone Headed to U.S. for $280 Unlocked
August 20, 2014, 10:37 AM
AT&T Will Also Receive the HTC One (M8) for Windows
August 19, 2014, 9:27 PM
Sharp's "Edge-to-Edge" AQUOS Crystal Smartphone Coming to Sprint for $239 Off-Contract
August 19, 2014, 7:31 PM
After 34 Years With Microsoft, Steve Ballmer Parts Way to Focus on LA Clippers
August 19, 2014, 4:17 PM
HTC One (M8) for Windows Officially Announced for Verizon Wireless
August 19, 2014, 12:15 PM
Most Popular Articles
Lumia 830 Gets Major Upgrades Including New 20.1 Megapixel Toshiba Sensor
August 15, 2014, 6:00 PM
Windows Phone, BlackBerry Smartphone Market Share Falls to 2.5%, 0.5% Respectively
August 15, 2014, 9:44 AM
GM Concedes That the Cadillac ELR Doesn’t Really Compete with the Tesla Model S
August 15, 2014, 5:42 PM
Cell Phone Thief Calls 911 After Her Victim Chases Her and Her Male Cohort
August 14, 2014, 12:11 PM
Smarter Wired, Wireless Chargers Set to Shake Up Mobile Industry
August 14, 2014, 6:39 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information