How safe are the data we put in the hands of commercial service providers in confidence? Not too safe. A recent leak of 300,000 Verizon customer data by a hacker proved this again. And, this is just the tip of the iceberg. The said hacker has gotten hold of 3 million customer records by breaching Verizon servers.
The news, first published in ZDNet, gave the impression that the data was of Verizon Wireless customers. But, Verizon denied the claims after examining the leaked data. In an emailed statement, Verizon spokesperson Alberto Canal said, “We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked.”
The hacker, who goes by the name @TibitXimer on Twitter (the account seems to have gone offline), said in a later tweet that the customer data seems to belong to Verizon FiOS fiber division.
According to TibitXimer, the data was originally acquired in July 12 after gaining root access to Verizon’s server. To his surprise, the data was stored in plain text. He notified Verizon about the exploit. But, the response from Verizon’s end was cold, and it failed to fix the vulnerability. This led TibiXimer leak part of the customer records (10% of the total data acquired).
The leaked data represents a region including Pennsylvania and possibly two more states around it. The customer data include “names, addresses, mobile serial numbers, the opening date of each account, and account passwords.”
TibiXimer hopes that the leak will be enough to alert Verizon. If it fails, TibitXimer might decide to “leak the rest later.”