A Verizon employee database was recently compromised with the hacker holding it for a $250,000 ransom. Verizon says it doesn’t believe it contains “any sensitive information” and stopped communication with the hacker. However, the list of details including employee email addresses, phone numbers, and more could present a risk for future attacks.
Reported by Motherboard (via The Verge) an anonymous hacker recently obtained a database containing Verizon employee information including full names, company ID numbers, email addresses, and phone numbers.
It’s uncertain how current the information is, but Motherboard called multiple people on the list and confirmed that four they got in touch with work at Verizon. “Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.”
The anonymous hacker told Motherboard they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer.”
That allowed the hacker to access Verizon’s internal systems and obtain the employee database. Then they told Verizon they wanted $250,000 to not leak the information.
Verizon officially responded to Motherboard about the incident:
As noted by Motherboard, even though the information may not be deemed sensitive, the list of Verizon employee phone numbers, email addresses, and company ID numbers could be used to impersonate employees to attempt social engineering and SIM swap attacks.
Recently, T-Mobile saw a security breach that came through compromised employee accounts.
- T-Mobile breached by cybercrime group LAPSUS$ through compromised employee accounts