dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2780
share rss forum feed

Morris0

join:2011-05-14
kudos:1

ZDNet: Hacker nabs 3m Verizon customer records

»www.zdnet.com/exclusive-hacker-n···0009151/


serge87

join:2009-11-29
Reviews:
·Verizon FiOS

I took a look so I can sleep tonight and it's only PA customers in the leaked database from what I could tell.

quote:
"The hacker said that the leaked customer data suggests it came from customers in "Pennsylvania and maybe two more states around it."

"I might leak the rest later," he noted.


How wonderful, just in time for Christmas

Grover8

join:2012-01-06
Fresh Meadows, NY

1 edit

1 recommendation

reply to Morris0

Hm.. no wonder Verizon asked for a PIN number when I called on Wednesday to place an order.

I changed my password after the hack happened but should I change again?

Edit: I'm going to change my password just to be safe.

Off-topic but I was briefly scanned the bundle the customers have and 99.99% don't have the 150/65 package let alone the 300/65 option. Most are the 15/5 package. How sad



NotTheMama
What Would Earl Do?

join:2012-12-06

said by Grover8:

How sad

How so? (excluding Vz investors, of course)
--
"...but ya doesn't hasta call me Johnson!"


HD_Ride
Premium
join:2000-10-18
Jerseyastan
reply to Morris0

Great, VZ didn’t have the balls to tell the folks that could have been affected so we had to come here and find out from another member that VZ security has more holes in it than the Swiss cheese at the local deli. This is the best part,“Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw”. After seeing that it is clear security is not a high priority at VZ. Maybe some of the VZ employees that are forum regulars here would like to chime in and tell us how great VZ security is.



RolteC
0h

join:2001-05-20
Fresh Meadows, NY
kudos:1

I'm reading more online that Verizon is now sending out emails to the websites stating that this is not true or at least exaggerated.

»www.databreaches.net/?p=26501



More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:30

VZ is talking out of both sides of their mouth.

quote:
No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.

In one sentence they both deny a breech occurred and also admit customers were impacted? So how is it that customers were impacted if no systems were breached?

Typical VZ double-speak.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.

nowayout

join:2009-06-22
Allentown, PA

1 edit
reply to Morris0

Lovely.

And since Verizon is Verizon, I'm trying to change my password but it keeps telling me my "old" password is incorrect, which it isn't. So I can't do anything.

Also, if you try to use a number as the first character in a new password, it won't recognize the password as valid.


yurimaster

join:2009-09-28
Alexandria, VA

Looks like VZ did get hacked and those in PA got effected if you're correct. How are you able to login nowayout? Since you mention that your old password is incorrect.



RolteC
0h

join:2001-05-20
Fresh Meadows, NY
kudos:1

I think I will have to agree with you yurimaster


nowayout

join:2009-06-22
Allentown, PA

4 edits
reply to yurimaster

said by yurimaster:

How are you able to login nowayout? Since you mention that your old password is incorrect.

I'm able to login fine. The Change Password page is faulty because it's preventing me from changing it. It says my old/current pw is incorrect when I enter it. Sorry for not being more clear.

Edit: I changed my password by logging out and using the "Forgot Password" method of resetting it. Oy... Pro tip just in case anybody else runs into that problem.

yurimaster

join:2009-09-28
Alexandria, VA

Cool, I went ahead and change my password just for safety.



HD_Ride
Premium
join:2000-10-18
Jerseyastan
reply to More Fiber

said by More Fiber:

VZ is talking out of both sides of their mouth.

quote:
No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.

In one sentence they both deny a breech occurred and also admit customers were impacted? So how is it that customers were impacted if no systems were breached?

Typical VZ double-speak.

Exactly, you are referring to link RolteC See Profile put up. Talk about spin, impacted a fraction of the number of individuals being reported and Verizon has also notified law enforcement. Well then, why did they notify LE if no systems were breached, to make an end of year donation to the PBA


HD_Ride
Premium
join:2000-10-18
Jerseyastan
reply to Morris0

The VZ Central site is not working correctly. I have Win7 Pro SP1 with IE9 and FF 17.0.1 on my desktop system. Once I logon to VZ portal the select profile and then Manage it will not respond to Manage with either browser. I then fired up my laptop with Linux Mint and FF 17.0.1 and the result is the same, no response on Manage.

When I logged into VZ Accounts and Billing (why two portals is beyond me) I was prompted for password change upon logon however it would not accept new password, it said try again later. I see things are working great at VZ


Springbok

join:2002-09-13
Colleyville, TX
reply to Morris0

Ugh... is it too much to ask Verizon use some of their development talent to make security tighter and navigating easier, instead of bombarding us with stuff to sell every time we logon?


McBane

join:2008-08-22
Plano, TX

I would be happy if they just fixed their damn website. Some account functions have been broke for almost an entire year now on the business side.



HD_Ride
Premium
join:2000-10-18
Jerseyastan
reply to Morris0

Just an update… some of you who migrated from DSL several years ago may have the same issues I did when trying to resolve this with the VZ support. We had two portal logins setup which I knew about because this how it use to work. The first is to manage & create sub accounts, manage web space and access webmail. The second logon was for VZ Billing only. The first account is a .net logon and the second is a .com account. Either of the old URL’s I have stored in my password manager will take me to VZ Central whereas in the past it was two different sites. As some of you know VZ brought both sites together a few years ago. Their error was not removing the second set of credentials. My guess is this is only likely to impact users who have had VZ Online the services for several years and this is a non-issue for new customers.

It took VZ 90 minutes to come to the conclusion they could not delete the .com account. VZ did force password changes on both accounts since either logon would not allow me to change my passwords. Strangely enough I was able to change the sub-account with no issue. All is good for now, passwords are changed and no issues with pop mail with new passwords.



Zero

join:2009-07-01
Collegeville, PA
reply to Morris0

Looks like it made it to The Next Web and Engadget:
»thenextweb.com/insider/2012/12/2···ng-firm/

»www.engadget.com/2012/12/23/hack···d-point/


derekivey

join:2006-03-30
San Jose, CA
kudos:1
reply to Morris0

That's definitely Verizon customer data. I found my uncle's info on there as well as one of my co-workers. Seems to be PA customers only. My parents do not appear to be on there though.


TreeTops

join:2008-11-23
97742
reply to Morris0

Thanks Morris0! KUODS to you.
I tried to login to My Verizon www22.verizon... and it said account locked (I normally only login once a month to check my bill and see if emails are being saved; I use ZOHO to manage mail).
So I used forgot password dialog, and had to use PIN sent to my telephone. Anyway all good now


moonpuppy

join:2000-08-21
Glen Burnie, MD
reply to Morris0

And the problem is what is anyone going to do about it?

Since this hacker had a twitter account, Twitter should do all it can to help find this idiot and make him pay. If Twitter does nothing, then any calls of them being hacked should go unanswered by law enforcement.

If this was Verizon who was hacked and not a marketing firm then Verizon should also pay for any damages incurred by the customer. Pay for the credit monitoring for 5 years and take steps to lock everything down.



somebodeez
Premium,MVM
join:2001-09-24
here
Reviews:
·Verizon FiOS
reply to derekivey

said by derekivey:

That's definitely Verizon customer data. I found my uncle's info on there as well as one of my co-workers. Seems to be PA customers only. My parents do not appear to be on there though.

Where can I check the list?


HarleyYac
Lee
Premium
join:2001-10-13
Allendale, NJ
kudos:2
reply to More Fiber

I believe the quote!!! lol



RolteC
0h

join:2001-05-20
Fresh Meadows, NY
kudos:1
reply to somebodeez

There is no place to check it unless you download the same leaked confidential file.


derekivey

join:2006-03-30
San Jose, CA
kudos:1
reply to somebodeez

PMed you the link. I had the hardest time finding it and eventually found it in the comments of a Reddit post. The original pastebin was taken down however it linked to a paid download site. I found a free mirror of the file.



More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:30
reply to moonpuppy

said by moonpuppy:

If this was Verizon who was hacked and not a marketing firm

Why should VZ not hold it contractors to the same standard of care it claims to take with its own systems?
--
There are 10 kinds of people in the world; those who understand binary and those who don't.


birdfeedr
Premium,MVM
join:2001-08-11
Warwick, RI
kudos:9
reply to somebodeez

said by somebodeez:

Where can I check the list?

I couldn't find it. The pastebin upload has been removed. There was a report it was available somewhere else. "File sharing site" was not named.

I'd be interested, not in the data, but what the content was. At least one report said passwords were included. Can't imagine a marketing partner would get password info.

Something is still fishy.


somebodeez
Premium,MVM
join:2001-09-24
here
Reviews:
·Verizon FiOS

said by birdfeedr:At least one report said passwords were included. Can't imagine a marketing partner would get password info.

Something is still fishy.
[/BQUOTE ]:

This is what I was wondering. Why would a third party get information such as passwords?
Fishy indeed.


Mahalo

join:2000-12-20
united state
kudos:1
Reviews:
·Verizon FiOS

1 edit

Click for full size
Click for full size
It does not appear to have passwords in plain text (nothing obvious) and no hashed password. The screenshot on the left is positions 0-132 and the one on the right is positions 647-844. The stuff in the middle (not pictured) has name, address, several Y/N columns, aerial or buried. Both pics were altered to not show everything.


somebodeez
Premium,MVM
join:2001-09-24
here

Thank you, KillABrew.