Hacker Claims to Have Scooped 3M Verizon Customer Records, Verizon Denies
December 24, 2012 2:22 PM
comment(s) - last by
(Source: Jason Mick/DailyTech LLC)
ISP says no "breach" occurred, but that a small, mostly harmless leak did happen
The mystery is growing in the case of a hacker named TibitXimer, who claimed to have copied (
) 3 million records from Verizon Wireless's customer database (records which included passwords, names, home addresses, email addresses, and
device serial numbers
all of which was stored in plaintext).
Initially, TibitXimer posted a subsection of the cache -- 300,000 entries -- to a Pastebin in typical hacker fashion. But the plot thickened when the Pastebin post was deleted,
The Next Web
, and the hacker's Twitter account was no longer listed as registered on Twitter (this indicates he deleted his account, or changed his name, as typically Twitter account suspensions yield a different error).
But then it came out that some of the accounts -- initially attributed to Verizon Communications Inc. (
) and Vodafone Group Plc. (
) -- were actually
Verizon FiOS subscribers
And Verizon comments:
This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.
A security expert named
backs Verizon's claims, pointing out that much of the information first popped up in August, so the release last weekend was just a regurgitation of an old leak.
To be fair, TibitXimer himself/herself openly acknowledged in later posts that some of the data set came from FiOS subscribers, and the hacker always made it clear that the set was first obtained in July.
At this point there's not much to do, as there's no official route to seeing if your details were leaked. And to be fair to Verizon, whatever damage was done, was not directly its own doing. But hopefully the incident serves as a wakeup call to Verizon Communications/Verizon Wireless not to callously hand customer records or data to third party contractors without demand rigorous security compliance.
The Next Web 
This article is over a month old, voting and posting comments is disabled
RE: Oh, did we forgot to mention the imporant bit?
12/26/2012 1:53:03 PM
A good security system doesn't even store your password. It stores a hash - the result of a one-way mathematical function performed on your password. You type in the password, it runs it through the hash algorithm, and compares that hash with the one it has stored. If they match, then you typed in the correct password.
A better security system salts the password (adds some unique characters) before hashing. So unless you also know the salt, you can't even brute force the passwords with a rainbow table attack (that's where you do something like run every word in the dictionary through the hash algorithm and compare the resulting hashes with the those you've stolen).
"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive
Goatse Security iPad Hacker Found Guilty, Faces up to Five Years in Prison
November 21, 2012, 2:42 PM
Verizon Names Updated Internet Tiers "FiOS Quantum," Releases Pricing
June 18, 2012, 1:21 PM
AT&T's Gaping Hole Exposes 114,000 iPad 3G Buyers' Email Addresses
June 9, 2010, 5:55 PM
Microsoft Announces the First Steps in Its "Universal Apps" Program
April 15, 2014, 7:59 PM
Amazon Fire Phone Prototype Leaks, Will Feature 3D Camera Interface
April 15, 2014, 1:33 PM
Toshiba's $1,500 Satellite P55t Notebook Supports 4K Resolution
April 15, 2014, 10:27 AM
Xbox One April Update Now Available
April 15, 2014, 9:13 AM
Windows Phone 8.1 Developer Preview Goes Live
April 14, 2014, 4:46 PM
Report: Eight More Nokia Microsoft Phones Waiting in the Wings
April 14, 2014, 2:22 PM
Most Popular Articles
Cities to Carpoolers: Sharing Your Car is Illegal, We Will Seize Your Cars
April 4, 2014, 9:17 PM
Taiwan's AOU Claims to Have World's Highest-Res. OLED Smartphone Display
April 11, 2014, 1:44 PM
Navy Prepares for Historic First Live Test of a Rail Gun at Sea in 2016
April 9, 2014, 2:06 PM
It's Very Likely Neanderthals and Humans Had Sex, Produced Offspring
April 10, 2014, 8:40 PM
Cops at Historically Troubled LAPD are Sabotaging Digital Recording Devices
April 9, 2014, 11:10 PM
Latest Blog Posts
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information