Amid privacy scandals, mobile company denies hacker has sensitive information
A hacker allegedly stole the employee data of hundreds of Verizon employees, including names, emails, phone numbers and corporate identification numbers, Motherboard reported Thursday. The outlet verified the legitimacy of the database by calling several of the numbers included.
The hacker claimed to have obtained the data by posing as internal support, convinced an employee to allow remote access, and then deployed a script that copied the data from the targeted computer.
“These employees are idiots and will allow you to log into their PCs under the pretext that you are internal support”, the hacker told Motherboard during their first contact last week, describing how they stole the information. They had also contacted Verizon, asking for $250,000 to keep the contents of the database secret.
“Please don’t hesitate to respond with an offer not to disclose that you are [sic] entire employee database,” they wrote.
While the communications company confirmed it had spoken with the individual – who they were calling a “fraudster” rather than a hacker – Verizon claimed the person had no “sensitive information” and said they would not engage further.
Instead, they praised their homeland security and insisted they had “Strong measures” in place to protect their people and systems. However, since at least some of the employee information is up-to-date, it still poses a danger to customers and workers due to SIM swapping and social engineering attacks. Hackers could potentially log in using stolen credentials and impersonate Verizon employees, convincing Verizon users to provide their own personal information and spawning another level of fraud.
Verizon has recently been plagued by hackers on the employee and customer side, with a spoof text invasion late last year targeting users from their own Verizon phone numbers with “Phishing” connections. Users of the company’s Visible service also reported being hacked in October, a problem Verizon initially insisted did not exist before blaming customers for reusing passwords they had used elsewhere. .
READ MORE: US 5G rollout curtailed due to flight safety concerns
As many as 14 million Verizon user records were not secured on an Amazon server controlled by Israeli company Nice Systems in 2017, including logs of customers who contacted customer service, their cell phone numbers and account PINs.
Verizon defended Nice Systems, insisting the insecure storage was an accident and saying the only access to the sensitive data was by a researcher who brought the security breach to their attention.