Ironically, a B2B unit of Verizon called Verizon Enterprise Solutions, which assists Fortune 500 companies in responding to major data breaches, recently suffered a setback of its own when a hacker took advantage of a security flaw on the site and compromised customer data, according to a report by Krebs On Security.
An underground cybercrime forum was advertising the sale of a new database, which included the contact information of about 1.5 million Verizon Enterprise Solutions customers. Indeed, enterprise customers, rather than individual consumers, were the victims of the breach.
The asking price for the database of hacked information: a whopping $100,000, according to Brian Krebs. However, the promotion was also offering up many of those records for $10,000 each. Confidential information about vulnerabilities on Verizon's Web site were also up for grabs.
Since up to 99 percent of Fortune 500 companies enlist the help of Verizon Enterprise Solutions to bolster security, according to Verizon's page at Wikipedia and as noted by Krebs, this breach could potentially open doors to more vulnerabilities at mega companies in the future — making them “easy marks for phishing and other targeted attacks," writes Krebs.
Verizon Enterprise Solutions told Krebs that a security flaw in its site allowed a hacker to steal customer contact information. The company says the attacker stole basic contact information for a number of enterprise customers, but no Customer Proprietary Network Information (CPNI), which is the information that telephone companies gather related to time, date, duration and destination of phone calls, was compromised.
The vulnerability did not leak any data on consumer customers, Verizon said in a statement, as reported by Reuters. The flaw on Verizon Enterprise Solutions' Web site has reportedly been fixed, and affected customers are being notified by the company.