1.5 Million Verizon Customer Records Put Up For Sale (arstechnica.com) 26
An anonymous reader writes: A customer database as well as information about Verizon security flaws were reportedly put up for sale by criminals this week after a data breach at Verizon Enterprise Solutions. According to KrebsOnSecurity, "a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise." The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. "Buyers also were offered the option to purchase information about security vulnerabilities in Verizon's Web site," security journalist Brian Krebs reported. Verizon has apparently fixed the security flaws and has reassured its customers by saying "our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers" and that "no customer proprietary network information (CPNI) or other data was accessed or accessible."
Re: Come on, people! We need to start using Rust! (Score:1)
That's a load of horse shit. My old F-150 had rust all over it, and it didn't do shit for my security.
Re: (Score:2)
Old cars are the only place rust adds credibility.
For the rust dweebs, every language is hackable as long as it's written poorly.
What if most customer info was stored "near-line"? (Score:1)
Is it time for companies to keep most customer records "near-line" instead of "online"?
Yes, this may mean having the company put you on hold for a minute or two while your record gets moved from "near line" to "online" when you call for help, but at least "massive" data breaches will be "less massive."
Question: What's another major advantage of keeping records "near-line" besides fewer victims?
Answer: You can keep track of how many records are being moved in any given period of time and quickly respond if t
Re: (Score:2)
There are three states:
- internet
- intranet
- offline
I'm guessing the parent post meant "intranet" but didn't know that word.
Re: (Score:1)
Companies don't want to invest in actual security though as it costs them lots of money and usually makes a product less friendly.
"it costs them lots of money" vs "going bankrupt from the bad reputation and lawsuits resulting from multiple serious breaches" - which is going to happen sooner or later.
"product less friendly" may be a necessary inconvenience, much like having to lock your home when you go to work every day is a necessary inconvenience.
Re: (Score:2)
What I envisioned was an offline system that could retrieve data in a matter of minutes, with a "skinny pipe, heavily alarmed with independent monitoring equipment" system sitting between the offline storage system and the "main, online" system. "Skinny pipe" to make it physically impossible to do a wholesale data dump in a short period of time, and "heavily alarmed with independent monitoring equipment" so the alarms can't be hacked through normal means (they could be hacked by social engineering or perha
Re:the new reality (Score:5, Interesting)
Bitcoin enabling? (Score:2)
I have to wonder if the value and mostly anonymous nature of Bitcoins are enabling these kinds of deals. I'm not saying Bitcoin is necessarily evil, but I do have to wonder to myself, would these kinds of ransoms and/or sales of stolen data be as easily possible without Bitcoin?
Re: (Score:1)
Surely no ransoms ever happened in the days before Bitcoin!
Re: (Score:2)