Information in the database could be utilised in social engineering and SIM switching attacks. A hacker stole a database containing hundreds of Verizon employees’ full names, email addresses, corporate ID numbers, and phone numbers.
It’s uncertain whether all of the information is correct or up to date. By dialling phone numbers in the database, Motherboard was able to confirm that at least some of the information is accurate.
Four people indicated they work at Verizon and confirmed their full identities and email addresses. Another person validated the information and claimed to have previously worked for the corporation. A dozen or so other phone lines returned voicemails that included the names in the database, implying that they are also correct.
Last week, the hacker contacted Motherboard to provide the information. The data was obtained by persuading a Verizon employee to grant them remote access to their company’s computer, according to the unnamed hacker. The hacker claimed to have acquired access to a Verizon internal tool that displays employee information and had written a script to query and scrape the database at that time.
“These personnel are fools,” they told Motherboard in an online conversation. “They will allow you to access to their PC under the premise that you are from internal support.” According to the hacker, they contacted Verizon and shared the email he sent to the firm.
According to a snapshot of the email, the hacker stated, “Please feel free to answer with an offer not to release you’re [sic] whole personnel database.”
Verizon should give the hacker $250,000 as a prize, according to the hacker.
The hacker has been in contact with Verizon, according to a Verizon representative.
“We were recently contacted by a scammer who threatened to expose publicly available employee directory information in return for money from Verizon. In an email to Motherboard, the spokesman said, “We do not believe the fraudster has any critical information, and we have no plans to engage with the individual further.” “As always, we take the security of Verizon data very seriously, and we’ve put in place rigorous safeguards to keep our people and data safe.
Despite the fact that the database does not contain sensitive information such as Social Security numbers, passwords, or credit card numbers, the stolen material is nonetheless harmful. Criminals who want to target firm employees—or impersonate an employee while speaking with another—might find it beneficial in gaining access to internal tools. An assault like this would allow hackers to mimic Verizon personnel and, if successful, gain complete access to networks that would allow them to look up individuals’ information and switch their phone numbers, a practise known as SIM swapping.
Hackers have had control of victims’ phone numbers for years, allowing them, for example, to reset the target’s email password. As a result, the hackers have access to the victim’s bank account or cryptocurrency wallet. In the last few years, hundreds, if not thousands, of people have been victims of this type of hack.
Several persons have been arrested and indicted in the United States for allegedly participating in such hacks, sometimes with the help of company insiders.
