Recently a Verizon employee database was compromised with the hacker holding it for a $250,000 ransom. Verizon states it doesn’t believe the content contains “any sensitive information”, and has ceased communications with the the hacker.
However, the list of details does include employee email addresses, phone numbers and more that may present a risk for future attacks.
Verizon Employee Database Hacked
In a report by Motherboard via The Verge, an anonymous hacker obtained access to a database containing Verizon employee information. This includes full names, company ID numbers, email addresses and phone numbers.
While it unclear how current the information is, Motherboard called multiple people affected by the hack and confirmed that four of the individuals do work for Verizon. Motherboard stated, “Around a dozen other numbers returned voicemails that included the names in the database, suggesting that those are also accurate”.
The anonymous hacker informed Motherboard that they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer”. The hacker also described the employees as “idiots”.
Through this deceit, the hacker gained access to Verizon’s internal systems and obtained the employee database. Additionally, after obtaining the database, the hacker informed Verizon they wanted $250,000 to not leak the information.
In a response to Motherboard, Verizon stated,
“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. “As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”
Motherboard notes that while Verizon may not deem the information sensitive, the information given out could potentially stir trouble. Employee’s phone numbers, email addresses and company ID numbers could find a use impersonating employees in an attempt to social engineering and SIM swap attacks.
The release of this information could in turn create more situations such as the one presented. Again, the hacker obtained this data through social engineering.