2 min read

Hacker steals Verizon employee database after tricking worker into granting remote access

Graham CLULEY

May 30, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hacker steals Verizon employee database after tricking worker into granting remote access

A database of contact information for hundreds of Verizon employees is in the hands of cybercriminals, after a member of staff was duped into granting a hacker access to their work PC.

The revelation of a data breach comes from security journalist Lorenzo Franceschi-Bicchierai of Vice, who describes how an anonymous hacker contacted him earlier this month to brag about what they had achieved:

"These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support," the hacker told Franceschi-Bicchierai in an online chat.

The compromised data included the full name, email address, corporate ID number, and phone number of hundreds of Verizon staff members.  Although Franceschi-Bicchierai was unable to confirm that all of the information was up-to-date, he was able to verify the legitimacy of some of the data by calling phone numbers that had been exposed, and asking individuals who answered to confirm their names and email address.

According to the hacker, having tricked a Verizon employee into granting them access to their corporate computer, they were then able to access an internal company tool to retrieve employee information, and scraped the database with a script.

In an extortion email to Verizon, the hacker claims to have requested a $250,000 reward for their efforts, threatening to leak the employee database online:

Please feel free to respond with an offer not to leak you’re [sic] entire employee database

Verizon confirmed to Vice that it had been contacted by the hacker, but downplayed the significance of the breach:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further. As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

It's accurate that the breach would have been worse if it had included more sensitive information.  For instance, banking details, social security numbers, passwords, and the like would have potentially made the breach more serious.

But I don't think Verizon is right to say that the information should not be considered sensitive.  In the hands of a fraudster the details could be used to assist in the impersonation of a Verizon employee without too much difficulty, for instance, which could lead to the duping of yet more members of staff into releasing perhaps yet-more sensitive data.

Furthermore, as Franceschi-Bicchierai points out, in recent years hackers have managed to launch SIM swap attacks that hijack cell phone numbers, and can lead to the interception of calls and SMS messages, and then the compromise of online accounts.

Verizon and other companies would do well to train their staff about the risk of being duped by someone posing as a member of the IT team, and always double-check before granting permission for someone else to access their computer remotely.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Planet Ice hacked! 240,000 skating fans' details stolen Planet Ice hacked! 240,000 skating fans' details stolen
Graham CLULEY

January 31, 2023

2 min read
QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices
Filip TRUȚĂ

January 31, 2023

1 min read
Code-Signing Certificates Stolen in GitHub Breach Code-Signing Certificates Stolen in GitHub Breach
Vlad CONSTANTINESCU

January 31, 2023

1 min read