Published: Fri, July 14, 2017
Research | By Jennifer Evans

Verizon Partner Exposes Customer Data After Leak

U.S. telecommunications giant Verizon has confirmed that the details of six million customers were exposed online by a third-party vendor, less than 24 hours after cybersecurity firm UpGuard published the claim that the scope of the incident was much larger.

Nice Systems said it is investigating the exposure, and said there's "no indication" the information has been compromised, Engadget reports.

According to ZDNet, the data is collected from customer calls and stored by Nice Systems so that it can be analyzed to help improve the customer service experience.

The data was found in an unprotected Amazon S3 storage server administered by an engineer for NICE Systems, which is based in Israel.

Exposed were text files logging calls made to Verizon call centers between January 1, 2017 and June 22, O'Sullivan said. Chris Vickery, a researcher at UpGuard, discovered the repository in early June and found that it was configured to allow external access.

Verizon Wireless has gone official and let its customers know that there has been a massive data security issue that left records on 6 million customers exposed.

A security firm revealed on Wednesday that information on as many as 14 million Verizon accounts was exposed on an unsecured server. And, while you're at it, ask Verizon to do a little more about security.

Verizon uses cloud services provided by Amazon in order to store their troves of customer information and data.

Verizon and NICE have made moves to secure this data, though Vickery points out that it took them nine days to do so after UpGuard alerted them of the leak.

To the extent PINs were included in the data set, the PINs are used to authenticate a customer calling our wireline call center, but do not provide online access to customer accounts.

The records included customer names, cell phone number and account PIN, a security layer that, if acquired, could allow anyone to access the subscriber's account. Sophisticated state actors, looking for, say, information on government workers, were of particular concern, he added. UpGuard said the problem stemmed from a cloud server that a third-party vendor had misconfigured. If they have those, they can change devices associated with the phone numbers of the account, thereby hijacking those phone numbers, or make fraudulent purchases through customer service.
