An enormous number of Verizon customers may have had their personal details leaked in a massive hack, according to a discovery by the folks over at Cybernews (via Phone Arena).
As detailed in the report, it appears as if one of Verizon’s largest Verizon Authorized Retailers has been compromised, leading to over 6 million customers’ and employees details being placed up for sale on the darkest corners of the internet.
Hack offers 61GB of data for $1,200
Russell Cellular is a large company with over 2,000 employees, with over 750 locations across the United States, and a not-insignificant role in the country’s telecommunications retail network. But, unfortunately, it’s now more likely to be known for an enormous data leak that’s left 6.3 million people’s data twisting in the wind.
Cybernews didn’t disclose where the data was to be found, for obvious reasons, but it showed screenshots of a post on a “well known hacker forum” offering 61GB of customer details for the sum of $1,200.
The hackers claim to offer a large amount of relevant data for the price, including the following:
- Full names
- Phone numbers
- Email addresses
- Account numbers
- Device identifiers, including ESN and IMEI/SN
- Invoice and tracking numbers
- Contract details
- Device models and selected tariff plans
- Employee usernames, passwords, and access roles
Samples seen by Cyber News corroborate these claims, as the data seems both professionally-structured and legitimate in nature. Passwords are available as plaintext, while others are hashed, which also suggests that access to the company’s internal systems is compromised.
While no customer wants to see their data leaked, it’s the employee data that is the scariest addition. According to Cybernews’ research team, this exposure not only threatens the company’s internal networks, but also could significantly increase the success rate of scams against employees and customers alike.
Credentials can be used to compromise internal systems, and possible credential stuffing attacks if employees reused the same passwords somewhere else … Also, there’s a risk of reconnaissance and social engineering attacks for both customers and employees.
It’s important to note that none of this has been confirmed to be real as of yet. Verizon is also aware of the leak, and has begun an investigation, and promises to share the results of such when they become available.
Verizon’s actions here are likely to be swift and decisive, as the company is planning to add a large number of customers this year, and the last thing it wants is for a hack like this to overshadow its efforts.
