2 min read

Hacker steals Verizon employee database after tricking worker into granting remote access

Graham CLULEY

May 30, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hacker steals Verizon employee database after tricking worker into granting remote access

A database of contact information for hundreds of Verizon employees is in the hands of cybercriminals, after a member of staff was duped into granting a hacker access to their work PC.

The revelation of a data breach comes from security journalist Lorenzo Franceschi-Bicchierai of Vice, who describes how an anonymous hacker contacted him earlier this month to brag about what they had achieved:

"These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support," the hacker told Franceschi-Bicchierai in an online chat.

The compromised data included the full name, email address, corporate ID number, and phone number of hundreds of Verizon staff members.  Although Franceschi-Bicchierai was unable to confirm that all of the information was up-to-date, he was able to verify the legitimacy of some of the data by calling phone numbers that had been exposed, and asking individuals who answered to confirm their names and email address.

According to the hacker, having tricked a Verizon employee into granting them access to their corporate computer, they were then able to access an internal company tool to retrieve employee information, and scraped the database with a script.

In an extortion email to Verizon, the hacker claims to have requested a $250,000 reward for their efforts, threatening to leak the employee database online:

Please feel free to respond with an offer not to leak you’re [sic] entire employee database

Verizon confirmed to Vice that it had been contacted by the hacker, but downplayed the significance of the breach:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further. As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

It's accurate that the breach would have been worse if it had included more sensitive information.  For instance, banking details, social security numbers, passwords, and the like would have potentially made the breach more serious.

But I don't think Verizon is right to say that the information should not be considered sensitive.  In the hands of a fraudster the details could be used to assist in the impersonation of a Verizon employee without too much difficulty, for instance, which could lead to the duping of yet more members of staff into releasing perhaps yet-more sensitive data.

Furthermore, as Franceschi-Bicchierai points out, in recent years hackers have managed to launch SIM swap attacks that hijack cell phone numbers, and can lead to the interception of calls and SMS messages, and then the compromise of online accounts.

Verizon and other companies would do well to train their staff about the risk of being duped by someone posing as a member of the IT team, and always double-check before granting permission for someone else to access their computer remotely.

tags


Author



Right now

Top posts

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Drunk worker loses USB stick containing details of every resident of his city Drunk worker loses USB stick containing details of every resident of his city
Graham CLULEY

June 27, 2022

3 min read
Researcher Discovers New MFA-bypassing Phishing Technique Based on Microsoft WebView2 Researcher Discovers New MFA-bypassing Phishing Technique Based on Microsoft WebView2
Vlad CONSTANTINESCU

June 27, 2022

2 min read
Internet Service Providers Help Spyware Vendor Infect iOS and Android Devices Internet Service Providers Help Spyware Vendor Infect iOS and Android Devices
Vlad CONSTANTINESCU

June 24, 2022

2 min read