December 24, 2012
Data Purportedly Stolen From Verizon Customers Briefly Posted Online
redOrbit Staff & Wire Reports - Your Universe Online
Information supposedly belonging to 300,000 Verizon Wireless and/or FiOS customers, allegedly obtained months ago and recently posted online by a hacker, has disappeared, along with the individual claiming responsibility for the attack.
The bizarre story goes like this: the hacker, who used the Twitter handle @TibitXimer, told ZDNet reporters Saturday he hacked Verizon on July 12. He said he and a second hacker had exploited a vulnerability in their network to gain root access to the server housing the company's customer data.
The hacker also said he had managed to download over three million customer entries, including names, addresses, account numbers and mobile serial numbers from Verizon. He said he chose to post a fraction of the stolen information, which reportedly was not encrypted and was stored in plain text, on the code-sharing website Pastebin after the company ignored a bug report he sent in warning them to fix the vulnerability.
Initial reports said the information belonged to Verizon Wireless customers, but according to VentureBeat's Meghan Kelly, the company "quickly stepped in to say that the amount of accounts claimed to be compromised was exaggerated and that the hacker was spreading false information." The hacker then "turned around and revised the story, saying that the millions of accounts actually belong to Verizon FiOS customers, not Verizon Wireless," she added.
The final twist in the story came on Sunday morning, when "the hacker claiming responsibility for the attack and the purloined data posted to Pastebin“¦ disappeared from the Web," John P. Mello Jr. of PCWorld.com said.
He said the data had apparently been completely removed from the website, and a search for the hacker's Twitter account returned an advisory that the page in question did not exist. It is believed the social network suspended the individual's account following his hacking claims.
Mello added that Adam Caudill, a security researcher who had viewed the information before it vanished had posted on Twitter that the allegedly new customer information was actually from a file that had first been posted back in August. He added he "strongly" suspected it was from "a telemarketing file" or something similar.
According to Kelly, Verizon released a statement saying "many of the details surrounding this incident are incorrect and exaggerated," that "no Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported," and the incident had been "reported to the authorities when we first learned of it months ago."
"We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case," they added.