After claiming Verizon attack, hacker and the spoils disappear
Hours after boasting about the theft of 3 million records from Verizon Wireless, the hacker claiming responsibility for the attack and the purloined data posted to Pastebin have disappeared from the Web.
A search for the hacker's Twitter handle, @TibitXimer, produced a "Sorry, that page doesn't exist!" message.
Meanwhile, the data claimed to belong to Verizon Wireless appears to have been removed from Pastebin, a popular site for hackers to post stolen data.
Verizon Wireless is denying that the file that was posted to the Internet contained information from its customers. "We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data," Verizon spokesperson Alberto Canal told ZDNet. "Our systems have not been hacked."
The hacker later revised his story about the origin of the data, telling ZDNet the data was from Verizon FiOS files, not Verizon Wireless.
Security researcher Adam Caudill, who viewed the data before it disappeared from Pastebin, wrote on Twitter that the information was posted months ago to the Internet. "The file that's going around is one of the files that we discussed back in August," he tweeted. "Nothing new."
"It's part of a set of files that was posted in August; I strongly suspect it's a telemarketing file or similar," he added.
ZDNet broke the theft story on Saturday, reporting that a hacker had posted 300,000 database entries belonging to Verizon Wireless.
The hacker told ZDNet that he'd breached the Verizon database on July 12 and downloaded an estimated 3 million records containing names, addresses, mobile serial numbers, the opening date of each account, and account passwords.
The hacker added that he decided to post a portion of the pilfered information to Pastebin because Verizon had not fixed the vulnerability since the hacker had exploited it.
Although sympathetic with the hacktivist collective Anonymous, the Verizon hacker told ZDNet he had no affiliation with that organization.
Verizon spokesman Canal confirmed to ZDNet that a breach had taken place months ago and had been reported to law enforcement authorities.
Many of the details about the incident claimed by the hacker were incorrect or exaggerated, he added. All customers affected by the incident were notified at the time, and safeguards were taken to protect their data and privacy.
Twitter tries to tame boasts
It's believed that Twitter suspended the hacker's account after learning about his claims.
Twitter has been fighting its "dark side" for years with mixed success.
It has also attempted to add more transparency to enforcement actions it takes on members' accounts. For example, Twitter launched a new policy in November calling for takedown messages to be posted to a member's tweet feed when one of their tweets had been removed for an alleged copyright violation.
Before the policy change, such tweets just disappeared from a feed stream without explanation, making it more difficult for whomever posted the tweet to challenge the takedown.