The Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers. The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads. Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and selling breached data. While the post included screenshots of sample data, SafetyDetectives could not definitively confirm its authenticity or direct connection to Verizon’s customer base.[1]
Verizon Communications Inc., headquartered in New York City, is the world’s second-largest telecommunications company by revenue and the leading wireless carrier in the United States. As of 31 March 2025, Verizon boasted 146 million subscribers, making any potential data breach a significant concern for a vast number of individuals.
The forum post claimed to offer 61 million “Verizon USA” records, with sample screenshots revealing approximately 517 records across 47 lines per image. The exposed data reportedly included sensitive details such as first and last names, gender, dates of birth, tax IDs, three additional identification numbers per customer, full addresses, and two phone numbers per individual. When a forum member requested a download link, the seller responded that the database was for sale, indicating a paywalled transaction. While the data appeared legitimate, its origin from Verizon customers remains unverified.
If found to be authentic, this data could pose severe risks to affected individuals. The sensitive nature of the information, particularly tax IDs, addresses, and phone numbers, could enable malicious actors to perpetrate identity theft, opening fraudulent bank accounts or filing false tax returns. The data could also fuel targeted phishing or social engineering attacks, with attackers leveraging personal details to craft convincing scams via email, text, or phone. Financial fraud is another concern, as the exposed information could be used to access or reset banking and financial accounts. Additionally, attackers might exploit phone numbers and birth dates to take over email, social media, or e-commerce accounts through credential recovery processes.
Individuals concerned about possible data exposure should exercise caution with unsolicited communications, verifying sources before engaging with links or sharing information. Auditing online profiles to limit publicly shared personal details, such as birth dates or addresses, can reduce risks. Strengthening privacy settings on social media and other platforms is advisable, as is regular monitoring of bank statements, credit card activity, and credit reports for unauthorized transactions or accounts.
Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and selling breached data. These platforms often provide anonymity and paywall features, enabling threat actors to profit from leaks. SafetyDetectives’ report aims to inform potentially affected parties proactively, based on thorough research, without implying faults or negligence by any organization.
SafetyDetectives also recently reported a separate clear web post offering 10,000 records allegedly from VirtualMacOSX, highlighting the ongoing prevalence of such threats. While the Verizon claim remains unconfirmed, vigilance is essential in today’s digital landscape.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.cybersecurityintelligence.com/blog/sixty-one-million-verizon-records-found-on-web-forum-8503.html
Comments