Published: Sun, July 16, 2017
Tech | By Dwayne Harmon

Millions of Verizon customers affected by security breach

Millions of Verizon customers affected by security breach

An Israeli company working for Verizon in a third-party capacity left critical customer data for 14 million subscribers completely exposed in an unprotected Amazon cloud container.

A statement elaborated: "An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access". (VZ) has confirmed a data breach that exposed the personal data of millions of its customers, but said that an employee of one of its third-party vendors was at fault.

The data found on the server included six folders with with customer records that also referenced that some of the customers' calls were being recorded and given a "frustration score". With the personal information as well as PIN numbers, a cybercriminal could potentially convinced a carrier to switch the SIM card attached to a customer's account and hijack the account, Forbes reported. Because of this, anyone who knew the website address can easily download the data. The subscribers affected were primarily those who called Verizon's customer services line in the last six months. While you're at it, you might consider asking a Verizon representative when the company plans to move beyond PIN numbers and security questions to adopt stronger security measures.

Chris Vickery, a known security researcher who is now working with the security firm UpGuard, first noticed this data on June 13.

When you set up an S3 account and "bucket" (the term AWS uses for file storage), AWS actually sets the default permissions for that file as private, which means whoever left the records exposed had to override that default setting.

Customers who used the same PIN code for other accounts should also change them, in case hackers try to use the code to access other services under the user's name. This repository contained a lot of information on customers, including name, phone number, and general data on the calls they made to customer service.

It added that it notified Verizon of the breach on June 13, but the "ultimate closure" of the breach only occurred on June 22. The Israel-based company listens to the recorded service calls to help improve the customer experience and used the account records to verify caller information.

Like this: