According to a Motherboard report, the hacker got access to the Verizon database by tricking an employee to grant them remote access to their corporate computer. They posed as internal support and convinced the victim through social engineering. Once the hacker had access to the database, they launched a script to copy the information. “These employees are idiots,” the hacker told Motherboard in an online chat. They shared the stolen data, perhaps part of it, with the publication. The report suggests the information is accurate but unclear how up to date. The publication called some of the phone numbers and four people confirmed their full names and email addresses. They also confirmed that they work at Verizon. Additionally, one more confirmed the name and email address but said they no longer work at the company. They did in the past, though. A dozen other returned voicemails with accurate names, which suggests the stolen data is legitimate.

Verizon is downplaying the data breach

According to the new report, the hacker has already contacted Verizon. They are seeking a ransom of $250,000 in exchange for not leaking the stolen data. “Please feel free to respond with an offer not to leak your entire employee database,” the hacker said in an sent to the wireless giant. A Verizon spokesperson also confirmed the contact. “A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon,” the company said. However, it is downplaying the data breach. In an emailed statement to the publication, Verizon said it does not believe the stolen data contains “any sensitive information.” The carrier does not plan to further engage with the hacker. “As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.” the company added. While the stolen data may not contain sensitive information such as Social Security Numbers, passwords, and payment details, it could still be dangerous. As the report notes, criminals could impersonate a Verizon employee and trick other employees to gain access to additional information and/or tools. This may enable them to obtain customer information for SIM swapping fraud.