dslreports logo
 story category
The Verizon Wireless Hack That Wasn't
'New' Hack Was Actually for FiOS, Many Months Old
A hacker recently claimed that he had obtained the private data of some 3 million Verizon Wireless users, though Verizon Wireless has denied the claim in its entirety. Running what they claimed was an exclusive story last weekend, ZDNet stated that a hacker going by the name of @TibitXimer on Twitter had obtained the private information of some 300,000 Verizon Wireless customers. According to the hacker, he had posted just 10% of the records online (which I noticed at the time you had to pay to download) and would post more later. From the story:
quote:
The hacker, going by the name @TibitXimer on Twitter, told ZDNet earlier this evening that the hack was carried out earlier this year on July 12, which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw. Tibit downloaded more than 3 million customer entries from Verizon's database, including names, addresses, mobile serial numbers, the opening date of each account, and account passwords. However, he said that figure was an estimate and had "no clue" exactly how many records there were, and that it was a "low estimate based on the size of one record and the size of all the files."
The problem? Those who paid and looked at the data found that it was a smattering of FiOS user data that was leaked last summer, which Verizon previously acknowledged and warned customers about. Verizon had this to say about the hack that wasn't:
quote:
The ZDNet story is inaccurate. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
The hacker's Twitter account and the files hosted on pastebin have since disappeared. "TibitXimer" apparently thought he could gain some nerd cred by laying claim to data that was many months old.
view:
topics flat nest 

David
Premium Member
join:2002-05-30
Granite City, IL

David

Premium Member

oooooooooooooooooops

UFail!

SixSpeed
join:2001-12-24
USA

SixSpeed

Member

Re: oooooooooooooooooops

No - he/she won. It was all a scam to begin with.

Notice this?

According to the hacker, he had posted just 10% of the records online (which I noticed at the time you had to pay to download) and would post more later.

David
Premium Member
join:2002-05-30
Granite City, IL

David

Premium Member

Re: oooooooooooooooooops

I don't think he won..... claiming to have hacked to something that was public a while back isn't a hack.

I could think of several things to call it... ponzi scheme seems to be appropriate.
watice
join:2008-11-01
New York, NY

watice

Member

OK

So because it's FIOS customer data as opposed to Wireless customer data it's ok? Still wondering what was in the actual data leaked.

Mahalo
join:2000-12-20
united state

Mahalo

Member

Re: OK

»Re: ZDNet: Hacker nabs 3m Verizon customer records

DataBreach
@edgewebhosting.net

DataBreach to watice

Anon

to watice
The reported file was removed from PasteBin but you can view the data here: »anonfiles.com/file/300aa ··· 7577bd0a per »www.cyberwarnews.info/20 ··· -breach/

More Fiber
MVM
join:2005-09-26
Cape Coral, FL

More Fiber

MVM

So how was this not a hack if cust recs were made public?

So making 346,000 FIOS customer records public was not a hack?

If VZ servers (or their agents) weren't hacked, why does VZ acknowledge that affected customers and law enforcement were notified?

The hackers claims are indeed exaggerated. He claims that what was posted was 10% of what he hacked. FIOS does not have 3.4 million customers in PA and DE, so that claim is bogus. He also claims the file contains passwords, which it does not.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

Re: So how was this not a hack if cust recs were made public?

said by More Fiber:

So making 346,000 FIOS customer records public was not a hack?
claims the file contains passwords, which it does not.

Making the records public is not a "hack", it is just publication of the records. Obtaining the records from, Verizon servers is a hack, but that was done well before one @TibitXimer claimed to have hacked Verizon. Nearly as I can tell, this @TibitXimer was trying to claim credit for somebody else's hack.
tmc8080
join:2004-04-24
Brooklyn, NY

tmc8080

Member

priorities...

when a company like Verizon tries to become more like AT&T, they get EXACTLY what they had coming for a long time....

you, the customer are very low on the totem pole.. Verizon's profits are their TOP priority.