Hacker demands $250,000 for Verizon info exposed online – media
A hacker has allegedly stolen the employee data of hundreds of Verizon workers, including names, emails, phone numbers, and corporate ID numbers, Motherboard reported on Thursday. The outlet verified the database’s legitimacy by calling several of the numbers included.
The hacker claimed to have obtained the data by posing as internal support, convinced an employee to permit remote access, and then deployed a script that copied data from the targeted computer.
“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” the hacker told Motherboard when they initially made contact last week, describing how they stole the information. They had also reached out to Verizon, asking for $250,000 to keep the database’s contents secret.
“Please feel free to respond with an offer not to leak you’re [sic] entire employee database,” they wrote.
While the communications company confirmed it had spoken with the individual – whom they referred to as a “fraudster” rather than a hacker – Verizon claimed the person had no “sensitive information” and said they would not engage further.
Instead, they praised their internal security and insisted they had “strong measures” in place to protect their people and systems. However, given that at least some of the employee information is current, it still poses a danger to customers and workers alike from SIM swapping and social engineering attacks. Hackers could potentially log in using stolen credentials and pose as Verizon employees, convincing Verizon users to turn over their own personal information and spawning another level of fraud.
Verizon has been plagued by hackers on both the employee and customer ends recently, with a plague of spoofed texts late last year targeting users from their own Verizon phone numbers with phishing links. Users of the company’s Visible service also reported being hacked in October, a problem Verizon initially insisted did not exist before shifting to blaming customers for reusing passwords they had used elsewhere.
As many as 14 million Verizon user records were left unsecured on an Amazon server controlled by Israeli company Nice Systems in 2017, including logs of customers who’d reached out to customer service, their cell phone numbers and account PINs.
Verizon defended Nice Systems, insisting the insecure storage was an accident and claiming the only access to the sensitive data was by a researcher who brought the security breach to their attention.