One of the major carriers in the United States, Verizon, appears to be the victim of a data breach that allegedly affects millions of customers.
The SafetyDetectives cybersecurity team discovered a forum post on the clear web announcing a data dump that allegedly contained the records of between 7.5 million and 9 million Verizon cellular and home internet customers.
According to the claims of the forum post, the information was “stolen by hackers” in January 2023.
While the information in the logs does not appear to be particularly sensitive, according to our researcher, some of the data points could be merged with other leaks to significantly impact customers. Forum administrators claim that 14,919,292,019 records belonging to 887 data sets have been verified to date, although the claimed Verizon database is not listed. Many other databases have been published and are available for download that are not verified.
The team’s investigation revealed that the data dump contains data sets purportedly related to approximately 1.5 million 2020 home internet customers, along with approximately 7.5 million 2021 and 2022 cellular plan subscribers.
The forum post also mentions “Hashing: SHA256”, which indicates a level of encryption. However, according to our researcher, only two columns in two separate data tables were coded. The database, as a whole, was not protected by hash encryption.
Our investigator believes that the leaked database contains data stored by Verizon prior to January 2022. SafetyDetectives reached this conclusion regarding the time period due to hidden clues in the file names contained in the logs. However, we cannot be conclusive with these indicators alone.
The database size is approximately 2.23 GB.
The second table supposedly contains data belonging to users of cellular networks. There appear to be records related to customer hashes, device types, rewards and discounts, and whether or not subscribers are signed up for services, including Apple Music, Disney+, YouTube TV, and Verizon cloud services.
The offensively named forum member first joined in October 2022 and has since posted nearly 500 times. Unlike many users who appear out of nowhere on these types of forums, there may be more credibility attributable to this member due to their volume of posts and high reputation rating.
The alleged database was made available for download via an open link and without a paywall.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies like Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
Send news tips to [email protected] or www.instagram.com/iicsorg/
You can also find us on Telegram www.t.me/noticiasciberseguridad