A hacker stole a database including hundreds of Verizon workers' complete names, email addresses, corporate ID numbers, and phone numbers. By calling phone numbers in the database, Motherboard was able to confirm that at least part of the data is genuine. Four persons confirmed their complete identities and email addresses, as well as their employment at Verizon. It's uncertain whether all of the info is correct or up to date.
Another person validated the information and stated that she used to work for the company. A dozen more numbers received voicemails that included the names in the database, implying that they are also correct.
Last week, the hacker contacted Motherboard to provide the information.
The data was obtained, according to the unidentified hacker, by convincing a Verizon employee to grant them remote access to their company computer. At that time, the hacker claimed to have gotten access to a Verizon internal tool that displays employee data and to have developed a script to query and scrape the database.
“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” they told Motherboard in an online chat.
The hacker stated they reached out to Verizon and shared the email that he sent to the company.
“Please feel free to respond with an offer not to leak you’re [sic] entire employee database,” the hacker wrote in the email, according to a screenshot of it.
The hacker stated they would like Verizon to pay them $250,000 as a reward.
A Verizon spokesperson confirmed the hacker has been in contact with the company.
“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email.
“As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”
While the stolen information does not include Social Security numbers, passwords, or credit card details, it is nonetheless potentially harmful. It might be beneficial for hackers who wish to target corporate employees—or mimic one while speaking with another—in order to get access to internal tools.
An attack of this type would offer hackers the opportunity to impersonate Verizon personnel and, if successful, complete access to networks that would allow them to look up individuals' information and transfer their phone numbers, a practice known as SIM swapping.
For years, hackers have gained access to victims' phone numbers, allowing them to change the target's email password, for example. As a result, the hackers get access to the victim's bank or cryptocurrency account. Hundreds, if not thousands, of people have been victimised by this type of breach in recent years.
Several persons have been arrested and indicted in the United States for allegedly participating in these types of cyberattacks.