Site Search
Google Search
Breaking News: Senate GOP's Affordable Care Act Repeal and Replace Plan Fails on Procedural Vote     - | -     Arab States Row With Qatar Intensifies     - | -     Trump Pledges Aid To Help Lebanon Against Islamic State     - | -     House Approves New Sanctions on Russia, Iran, North Korea      - | -     Same-day HIV Testing, Treatment Improves Outcomes for Patients      - | -     North Korea May Conduct Another Missile Test Soon     - | -     After John McCain's Return and Vice President Mike Pence's Tie-Breaking Vote, Senate Advances Health Care Bill     - | -     Kid Rock Appears to Be Inching Closer to Announcing a Run for the Senate
Verizon Data Breach: Millions of Customer Records Leaked Last Month
Get Business & Technology Alerts

14 Jul 2017 11:23 AM EST

-by Chanel Adams, Staff Writer; Image: Verizon Logo (Image Source: Public Domain)

Millions of Verizon customers are just learning that their personal information was leaked last month.

Verizon announced that there was a data breach containing the names, street addresses, email addresses, telephone numbers, and account PINs of six million customers. The sensitive information was left exposed on a database on a third-party cloud server for an unspecified length of time. UpGuard is the company responsible for finding the exposed data. The company reported on Wednesday, June 12, that the number of Verizon customers affected could be closer to 14 million.

The data breach was caused by a misconfigured security setting on the cloud server from "human error," reports CNN. The error made the cloud server release the sensitive information and PIN codes publicly. The PIN codes are used to confirm the identity of the customers who call customer service. No reports of theft of the personal information occurred, assures Verizon.

Chris Vickery, a researcher at UpGuard, was the one who revealed that the Verizon data was exposed by NICE Systems, an Israel-based company Verizon collaborated with on customer service calls. The sensitive data was collected over the past six months. Vickery immediately alerted Verizon on June 13. The security hole was closed on June 12, according to CNN.

The Verizon data breach happened after it was discovered that the NICE security measures were not properly set up. The company accidentally made the sensitive information public instead of private, on an Amazon S3 storage server – a common storage server used by many businesses to keep the data in the cloud. The Verizon data stored on the cloud was made available to anyone who had a direct link. ZDNet was the first to report the data breach.

UpGuard refuses to reveal how the leaked data was discovered in the first place. Dan O' Sullivan, a Cyber Resilience Analyst with UpGuard, stated that the Verizon data breach is a concern because of the exposed PIN codes. It allows scammers to access someone's customer information if they can convince a customer service agent that they're the account holder.

"A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking," O'Sullivan said. "Or they could cut off access to the real account holder."

Verizon has stated that customers should update their PIN codes and not use the same number twice. Verizon has over 108 million wireless customers. Verizon stated that it's currently investigating how its customer information was incorrectly stored on the Amazon S3 server. They are working as "part of an authorized and ongoing project" to improve its customer service.

"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," a spokesperson said. "Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."

Verizon would not explain how it now "masked" its data, citing security concerns. Verizon has also released the following statement.

"We have been able to confirm that the only access to the cloud-storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information."

This is the latest data breach from a misconfigured Amazon S3 storage unit. Last month, an analytics firm exposed the data of close to 200 million voters. Earlier this month, another server leaked 3 million WWE fans' personal information. The only way to prevent these data breaches from happening is to ensure they are choosing the right setting to keep the information private.

Post Your Comment
Excellent Very Good Good Fair Poor



Recently Posted Comments
Date: 15 July, 2017
Posted by: Macy
Comment: Account PINs? It's a serious thing to concern about
FREE
AllMediaNY AllMediaNY AllMedaiNY