Update 2: Verizon has responded, and they disagree with many key points in the story here. Following is their full response:
The ZDNet story is inaccurate. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.
We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
This sounds pretty positive, and kudos to Verizon for reaching out on the Saturday before Christmas. The original text still follows for reference.
Update: ZD Net has updated their original story, and it appears that the records are for FIOS customers and not wireless customers. We'll leave this in place so that the FIOS customers among you have a heads up
According to ZDNet, a hacker has gained access to over 3 million records from a Verizon Wireless customer database. The information includes names, addresses, serial numbers, and passwords. The hacker gained access to the server on July 12, and claims to have contacted Verizon, but since the have reportedly ignored his report, he has pasted 300,000 of the records online. Supposedly these database is broken up into regions, and the leaked region is in and around Pennsylvania. The records are stored in plain text, and the hacker "might leak the rest later".
If you're a Verizon customer, now would be a good time to change your account password. We're not going to go into the details or link to the pastebin of account data. We hate delivering this sort of news, but we know you need to be informed. We hope Verizon is quick to address the issue, and look forward to hearing their side of things.
Source: ZD Net
Reader comments
Verizon customer database hacked; 300,000 entries leaked online [UPDATE Verizon's response]
Verizon is so about not allowing uh blocked devices because their network is supposed to be so secure yet can't keep this kind of info private. Smh Verizon come on
Not their only problem today. My Verizon network connection has been insisting since 11:30 P.M. Dec. 21 that it's Dec. 23. It's now Dec 22, and it's still stuck on 23!
I changed mine as soon as I read the tittle lol
The hacker guy tweeted that the database is Fios customers not Wireless. Follow the link Jerry posted.
Yep
The hacker calls himself tidbit and their is a some guy paid by verizon to belittle customers who ask for help in Verizon community forum named tidbits, wondering if it is the same guy
Jerry, you may want to update. It's NOT Verizon Wireless. "The hacker said in a later tweet the data likely belongs to Verizon FiOS fiber customers, rather than Verizon Wireless cellular customers."
However, a lot of these accounts are combined via My Verizon. :-(
ZD Net updated their post:
"Verizon spokesperson Alberto Canal told ZDNet in an emailed statement: "We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked."
The hacker said in a later tweet the data likely belongs to Verizon FiOS fiber customers, rather than Verizon Wireless cellular customers. We've updated the post to reflect these changes. We've put in more questions to Verizon and will update again once we hear back."
Just came back to update. I waited a half hour after I saw it in case more info came out, I guess I should have waited 35 minutes.
Better safe than sorry.
"Better safe than sorry."
No one should bash you for trying to look out for us. Thanks for the heads-up anyway.
Edit: disregard
Oops. This doesn't sound good for those FIOS customers.
Scary! That sucks for all of them!
How about one bill customers ? Our wireless and FiOS bills are on the same account .....
Same here, and I'm not in that released file. That's obviously not proof of anything, but I find it very odd. A friend of mine in another city with TV+Internet isn't in it either.
saw the file, i didnt see passwords so i think people are safe. unless i missed something
I downloaded the file that he posted and took a look at it. I don't see any indication of passwords, so he appears to have stripped those out of the public release.
The really odd thing is that my neighbors on both sides and across the street are in that file, but I'm not. All of those neighbors are elderly, and I doubt that they even have a computer; so this list might only be of people with FiOS TV and not TV+Internet. A friend of mine in another town, who also has FiOS TV+Internet, isn't listed either.
Yeah I was just looking through it myself, definitely nothing that resembles a password (or even a hashed one).
I don't have a Verizon FIOS account, but when I logged in my contact email had been changed. I have since updated that information and changed my password
After looking at the data, I'm relieved that my dad is not included in the list of people, but some of my family members are.
I would advise anyone that uses the same password on multiple services (a poor practice) to change the password on all such services... and make each one unique, so that if one is compromised, they aren't all compromised.
I'm canceling my service,I'm going to start my own company.Unlimited everything for just 29.99 a month.If you want service call me @ 911,my secretary will set up service,Thank you for support.
Oh Verizon. Stop. just admit you got one pulled over on you. *Troll Face*
It doesn't surprise me that their passwords weren't salted and hashed. And I bet the VZW-only customer database has the same bad practices going on. You can't even have a question mark in your password for crying out loud!
Verizon incompetence continues unabated.
can someone pm me a link to the "list"