A BreachForums user under the alias IntelBroker claims to have posted the customer data of Verizon Communications on the forum. Verizon is yet to reply to requests from The Cyber Express to verify the authenticity of the data.
Commonly known as Verizon, the American multinational telecommunications conglomerate is a corporate component of the Dow Jones Industrial Average. According to Statista, Verizon has a retail customer base of approximately 143 million subscribers in 2021.
“In January 2023, a database of 7.5 million customers belonging to the Verizon was stolen by hackers,” claimed the post by IntelBroker. A sample of the hashed data posted indicates mobile and online subscription details.
The post, made on Friday, had the link to download the entire data tranche. IntelBroker’s present avatar has been active on the forum since October 2022. Its previous targets include Autotrader, Volvo, Hilton Hotels, and AT&T.
Verizon and data breaches
Independent researchers were analysing the sample data at the time of publishing this report. If the tranche turns out to be authentic, this would be the company’s second major data breach in the past 12 months.
Verizon in May 2022 confirmed a data breach where the full names, email addresses, corporate ID numbers, and phone numbers of Verizon employees were compromised. According to a report from Motherboard, the data was shared with the publication by the hacker who reached out to them.
The company popped up in cybersecurity news over a data breach five years before that.
In 2017, the telecommunication company conceded that the personal data of 6 million customers had been leaked online. The leak was caused by a misconfigured security setting on a cloud server, which was the result of “human error.”
The data, which included customer phone numbers, names, and some PIN codes, was publicly available online due to a mistake made by NICE Systems, an Israel-based company that Verizon was working with to facilitate customer service calls.
The data of telecommunication users was collected over a period of six months, and Verizon closed the security hole on June 22.