Over the weekend, a hacker reached out to ZDNet and originally informed them that he had accessed some 3 million Verizon Wireless customer records through a security exploit in one of their systems. He claims that he initially tried to point out the issue to Verizon over the summer, but since they failed to respond directly to him, he decided to release about 300,000 of the records to Pastebin. The records include names, addresses, serial numbers, account opening dates, and passwords, likely all from in and around the Pennsylvania area.
Verizon doesn’t appear to be on the same page, assuring us that these were not from their Wireless business, but from the Wireline or FiOS side of things.
Verizon spokesperson Bill Kula responded by saying that the data posted was not in fact “Wireless” customers and that their “systems have not been hacked.” Kula also said that many of the details surrounding this “incident” are exaggerated and incorrect, that no “root” access was gained, and that they took immediate steps to safeguards individuals’ information some time ago.
Update: Here is the full statement from Verizon, some of which was removed from ZDNet’s report:
“The ZDNet story is inaccurate. We take any attempts to violate consumer and customer privacy and security very seriously. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. Nonetheless, we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.”
A report out of TheNextWeb confirms that the customers on this list were Wireline (FiOS) and not Wireless. Verizon is also pushing the blame onto a marketing firm who apparently doesn’t know how to handle sensitive information. We’re just wondering why a marketing firm needs your FiOS password and also why Verizon is willing to allow them to “copy” it.
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.
Ugh. Again, feel free to change your password.