The vulnerability, which was investigated and fixed, did not leak any data on consumer customers, Verizon said in a statement on Thursday.
CPNI is the information that telephone companies collect including the time, date, duration and destination number of each call and the type of network a consumer subscribes to.
KrebsOnSecurity has learned that a member of a underground cybercrime forum had posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.
The seller priced the entire package at $100,000, but offered to sell it off in parts of 100,000 records for $10,000 apiece, Krebs added.
The irony in this breach is that Verizon Enterprise is typically the one telling the rest of the world how these sorts of breaches take place.