An interesting dispute has cropped up between a hacker by the name of TibitXimer and mobile network provider Verizon. According to the hacker, he gained access to Verizon’s customer data servers back in July 12 by using an exploit which gave him root access to the server. He then managed to download over 3 million customer entries, which included information such as names, addresses, mobile serial numbers, account open dates and passwords.
According to TibitXimer, he contacted Verizon to let them know about the problem. But after Verizon failed to address the issue he uploaded around 300,000 individual user records to Pastebin on December 22, and subsequently took to Twitter to make everyone aware of the exploit.
However according to Verizon their system was never broken in to, they released a statement explaining their opinion of the incident:
“We reported this incident to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.”
Shortly after the initial leak, the Pastebin download link ceased working on the December 23, and since then TibitXimer’s Twitter account also seems to have disappeared. Nevertheless, according to ZDnet’s contact with the hacker, there is still the threat of the remaining data being leaked at a later date.
But if Verizon’s servers were never hacked then you can’t help but wonder — where did all this data come from? Well, Verizon have released another statement to explain the leak:
“There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers.”
So it could be possible that TibitXimer simply picked up the information from somewhere else and passed it off as a hack. But even so, what was a third party doing with this sort of user data, and why was the data allowed to fall into the public domain so easily? And even more importantly, why didn’t Verizon try to sort the matter out months ago when they first new about the data leak?
The whole situation is quite bizarre. Is Verizon just trying to cover its back, or is this all caused by hacker looking for 15 minutes of fame? Either way, if you’re a Verizon customer it would certainly be wise to change your password, just in case any more data is released as some point in the future.