A major data breach has allegedly hit Russell Cellular, one of the largest Verizon authorized retailers, potentially exposing the personal records of over 6.3 million customers. A database weighing 61GB and containing sensitive details like names, account numbers, and employee credentials is reportedly being sold on a cybercrime forum for $1,200.

The security incident centers on a massive repository of information that surfaced on a popular hacking forum after a cybercriminal posted samples to verify the legitimacy of the haul. Researchers who examined the leaked files found structured data that appears to be authentic, suggesting a significant lapse in security for the retail giant. The asking price for the entire collection of records is surprisingly low given the volume of sensitive information involved, which includes everything from basic contact details to internal employee login credentials.

For the millions of customers potentially impacted, the data includes full names, phone numbers, email addresses, and specific contract details. Even more concerning is the exposure of device identifiers like IMEI and ESN numbers, alongside invoice and tracking data. This level of detail provides bad actors with a roadmap for targeted phishing attacks or identity theft, as the records paint a comprehensive picture of a user’s relationship with their service provider and their specific hardware.

The threat extends beyond just customers, as the leak reportedly contains internal employee data such as usernames and passwords. Some of these passwords were found in plaintext, meaning they are immediately readable without any decryption. This vulnerability puts Russell Cellular’s internal systems at risk of further unauthorized access, potentially allowing hackers to move laterally through the company’s network or gain control over administrative functions.

While Russell Cellular has not yet officially confirmed that their systems were compromised, Verizon has acknowledged the situation and is participating in the response. A spokesperson for Verizon confirmed that they are aware of the threat and are working closely with the retailer to determine the true scope of the exposure. The investigation is currently focused on verifying the data's origin and understanding exactly how the breach occurred to prevent further leaks.

As the investigation continues, the companies have promised to share more information regarding the impact on individual users. In the meantime, the presence of such a large database on the open market serves as a stark reminder of the vulnerabilities inherent in third-party retail partnerships. Affected individuals are generally advised to monitor their accounts for suspicious activity and remain wary of unsolicited communications that reference their specific account or device details.

Source: https://cybernews.com/security/russell-cellular-data-data-breach/