Verizon downplays database hacked and held for ransom, security risk could remain

A Verizon employee database was recently compromised with the hacker holding it for a $250,000 ransom. Verizon says it doesn’t believe it contains “any sensitive information” and stopped communication with the hacker. However, the list of details including employee email addresses, phone numbers, and more could present a risk for future attacks.

Reported by Motherboard (via The Verge) an anonymous hacker recently obtained a database containing Verizon employee information including full names, company ID numbers, email addresses, and phone numbers.

It’s uncertain how current the information is, but Motherboard called multiple people on the list and confirmed that four they got in touch with work at Verizon. “Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.”

The anonymous hacker told Motherboard they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer.”

That allowed the hacker to access Verizon’s internal systems and obtain the employee database. Then they told Verizon they wanted $250,000 to not leak the information.

Verizon officially responded to Motherboard about the incident:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. “As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

As noted by Motherboard, even though the information may not be deemed sensitive, the list of Verizon employee phone numbers, email addresses, and company ID numbers could be used to impersonate employees to attempt social engineering and SIM swap attacks.

Recently, T-Mobile saw a security breach that came through compromised employee accounts.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news: