A hacker with the Twitter handle @TibitXimer has claimed to have hacked Verizon’s customer database, stealing personal information for more than three million customers. The hacker posted what appeared to be info file for 300,000 of those customers to a code-sharing website as proof of his accomplishment.
According to the hacker, he gained root access to Verizon’s customer database back in July 2012. The hacker says they were working with a partner to discover security flaws in Verizon’s systems.
The hacker claims that Verizon stored customer data including account passwords, names and addresses in non-encrypted plain text format.
In revealing his allegedly successful hack of the Verizon Wireless system, TibitXimer says three million data records may be a low estimate. The hacker based his overall haul on the size of all the files he stole and specifically on the size of one very large data file.
The hacker did not just hack the Verizon network and then release the files; he claims that Verizon officials ignored his repeated attempts to warn them about the security vulnerability.
While 300,000 files have already been leaked to code-sharing website Pastebin, the hacker has not committed to releases the 2.7 million files he still has in his possession.
Verizon has not yet commented on the situation. It will be interesting to see why America’s largest carrier has chosen to store their massive customer database in unencrypted, plaint-text formatting.
Do you think more company’s need to adopt strict plans for securing customer data from prying eyes?