Verizon

Vickery found a Verizon database set up for public access with no password or other form of verification.

The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes.

Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database.

The alert was instantly raised, but it took the corporation weeks to fix the problem.

Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.

Source: https://mackeeper.com/blog/data-breach-reports-2016/

TPRM report: https://scoringcyber.rankiteo.com/company/verizon

"id": "ver41721823",
"linkid": "verizon",
"type": "Data Leak",
"date": "12/2015",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Telecommunications',
                        'name': 'Verizon',
                        'type': 'Telecommunications Company'}],
 'attack_vector': 'Misconfigured Database',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['DVR data',
                                              'VOD data',
                                              'Fios Hydra data',
                                              'Encryption and authentication '
                                              'keys',
                                              'Access tokens',
                                              'Password hashes']},
 'description': 'Vickery found a Verizon database set up for public access '
                'with no password or other form of verification. The database '
                'contains enormous amounts of data and metadata for DVR, VOD, '
                'and Fios Hydra services, as well as private Verizon '
                'encryption and authentication keys (PSKs), access tokens, and '
                'password hashes. Vickery quickly notified Verizon about the '
                'cybersecurity vulnerability after seeing the incorrectly '
                'configured database. The alert was instantly raised, but it '
                "took the corporation weeks to fix the problem. Verizon's data "
                'was offered for sale on a darknet forum for $100,000. '
                "Additionally, the crooks sold details on the firm's "
                'cybersecurity weaknesses.',
 'impact': {'data_compromised': ['DVR data',
                                 'VOD data',
                                 'Fios Hydra data',
                                 'Encryption and authentication keys',
                                 'Access tokens',
                                 'Password hashes'],
            'systems_affected': ['DVR', 'VOD', 'Fios Hydra']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': 'Misconfigured Database'},
 'motivation': ['Financial Gain', 'Information Selling'],
 'post_incident_analysis': {'root_causes': 'Incorrectly configured database'},
 'title': 'Verizon Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Incorrectly configured database'}

Verizon

Dordt University

Sesame Workshop

Gigabyte