DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)

Posted on December 22, 2012 by Dissent

Update Sunday 3:34 pm:  In response to follow-up questions, Verizon spokesperson Alberto Canal informed this site last night:

Some were Verizon customers, most were not. In regards to the number of individuals, the total was about 10% of what was originally reported. In answer to your question about a vulnerability: No there was not. There was no vulnerability exploited. The data posted was related to 3rd Party Telemarketer Sales Lead Lists. That issue was addressed immediately once we were made aware of the issue.

Adam Caudill nailed this one correctly on Twitter when he said that the data were from a data dump in August and that it looked like it came from a marketing leads list. Emil Protalinski of The Next Web got pretty much the same statements I got from Verizon, but with this addition:

A third party marketing firm made a mistake and information was copied.

So it appears that it was never Verizon’s breach to begin with but a third party’s leak.

Another reminder not to just believe hacker’s claims.

Update Saturday 10:22 pm:  Verizon just sent me the following statement:

“The ZDNet story is inaccurate. We take any attempts to violate consumer and customer privacy and security very seriously. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.

Nonetheless, we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”

Original story:

From the This-Sounds-Embarrassing Dept., Charlie Osborne and Zack Whittaker report on a hack of Verizon FIOS by a hacker, @TibitXimer, who posted a statement on Pastebin:

Hope you all are enjoying your holidays, I just wanted you all to open a present early, so here is a database with a few hundred thousand customer records from Verizon’s FIOS Department! It includes serial numbers, names, addresses, date they became a customer, password to their account, phone numbers, etc…

The Press has been notified, here is the exclusive: http://www.zdnet.com/exclusive-hacker-accesses-3m-verizon-wireless-customer-records-7000009151/

More articles on the hack:
http://thenextweb.com/insider/2012/12/23/hacker-claims-to-have-swiped-3m-verizon-customer-records-stored-in-plain-text-leaks-10-as-proof/
http://gizmodo.com/5970814/hacker-leaks-300000-version-customer-records-and-claims-to-have-millions-more

The hack reportedly occurred on July 12, and the hacker informed ZDNet that  he went public because Verizon had ignored his report of the vulnerability he  uncovered and did not fix it.  I’m guessing Verizon might be scrambling right now to find @TibitXimer’s previous correspondence and to address it.

And yes, sadly, all the data were reportedly in clear text.

Update: ZDNet updated their article to include a statement from Verizon:

Verizon spokesperson Alberto Canal told ZDNet in an emailed statement: “We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked.”

There’s no statement yet from Verizon FIOS, so it’s important to note that although this breach may appear to be a legitimate claim, it has not been confirmed at this time.

Update 2: Verizon is investigating and says they’ll get back to me soon, so I’m still treating this as unconfirmed at this point, but I hope to have more info soon.

Category: Breach IncidentsBusiness SectorOf NoteU.S.

Post navigation

← Five breaches newly disclosed by HHS's breach tool
Stolen health information affects 4,000 University of Michigan Health System patients (updated) →

2 thoughts on “Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)”

  1. AK says:
    December 24, 2012 at 2:50 am

    Stole my credit card number and charged up $1,000s in August.
    The bank does not know how they got the info.
    I have Verizon FIOS and live in PA.
    And I keep getting phony Phone calls everyday.
    Verizon I need a notice so I can file a fraud report.

    1. admin says:
      December 24, 2012 at 8:34 am

      There were no credit card numbers or financial data in the August data dump – or this one. Verizon says it was a marketing sales leads list in the possession of another company that got leaked and copied – not one of their customer databases from their servers.

      It would seem that Verizon is likely not the source of the fraudulent charges you incurred in August, but there were so many breaches this year that it may be hard to know how/where your details got compromised.

      Did you ask your bank whether they got fraud reports from other customers at around the same time you first reported your problem? There may be a local merchant who had gotten compromised. If so, the bank would likely also have received reports from others. Or if you ever re-used passwords, one of the humongous hacks this year may have given criminals your password to accounts that could lead to your details. There’s so many ways this could have happened.

      If you haven’t filed a police report already, you should – to create a record that you reported this not only to your bank but to the police.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.