A database of contact data for a whole lot of Verizon workers is within the fingers of cybercriminals, after a member of workers was duped into granting a hacker entry to their work PC.
The revelation of a knowledge breach comes from safety journalist Lorenzo Franceschi-Bicchierai of Vice, who describes how an nameless hacker contacted him earlier this month to brag about what that they had achieved:
“These workers are idiots and can permit you to connect with their PC beneath the guise that you’re from inside assist,” the hacker instructed Franceschi-Bicchierai in a web based chat.
The compromised knowledge included the complete title, electronic mail tackle, company ID quantity, and telephone variety of a whole lot of Verizon workers members. Though Franceschi-Bicchierai was unable to substantiate that all the data was up-to-date, he was in a position to confirm the legitimacy of a few of the knowledge by calling telephone numbers that had been uncovered, and asking people who answered to substantiate their names and electronic mail tackle.
Based on the hacker, having tricked a Verizon worker into granting them entry to their company laptop, they have been then in a position to entry an inside firm instrument to retrieve worker data, and scraped the database with a script.
In an extortion electronic mail to Verizon, the hacker claims to have requested a $250,000 reward for his or her efforts, threatening to leak the worker database on-line:
Please be at liberty to reply with a suggestion to not leak you’re [sic] complete worker database
Verizon confirmed to Vice that it had been contacted by the hacker, however downplayed the importance of the breach:
“A fraudster lately contacted us threatening to launch available worker listing data in alternate for cost from Verizon. We don’t consider the fraudster has any delicate data and we don’t plan to interact with the person additional. As all the time, we take the safety of Verizon knowledge very severely and we’ve robust measures in place to guard our individuals and methods.”
It is correct that the breach would have been worse if it had included extra delicate data. As an example, banking particulars, social safety numbers, passwords, and the like would have probably made the breach extra severe.
However I do not assume Verizon is true to say that the knowledge shouldn’t be thought of delicate. Within the fingers of a fraudster the small print could possibly be used to help within the impersonation of a Verizon worker with out an excessive amount of issue, as an example, which may result in the duping of but extra members of workers into releasing maybe yet-more delicate knowledge.
Moreover, as Franceschi-Bicchierai factors out, lately hackers have managed to launch SIM swap assaults that hijack cellphone numbers, and may result in the interception of calls and SMS messages, after which the compromise of on-line accounts.
Verizon and different corporations would do nicely to coach their workers concerning the threat of being duped by somebody posing as a member of the IT staff, and all the time double-check earlier than granting permission for another person to entry their laptop remotely.
