- 14 million Verizon customer’s personal data leaked online.
- It was exposed on an unprotected AWS server.
- Chris Vickery, UpGuard researcher discovered this data breach and had informed Verizon.
- It is the consequence of a misconfigured cloud-based File repository on behalf of a third party vendor named NICE Systems based in Israel.
- The leaked information revealed
- Subscriber’s name
- Cellphone number
- Account PIN
Using the PIN, attackers could fool the customer service representative and make required changes based on their interests. This is the most important challenge.
Change the Verizon account PIN as soon as possible to prevent malicious usage.
Verizon Wireless customers have faced a massive Data leak. It was reported that about 14 million Verizon wireless users’ personal details were leaked and exposed online from an unsecured server.
This data breach was the consequence of a misconfigured cloud-based File repository on behalf of a third party vendor in Israel. The vendor named to be NICE Systems.
Hurry up to change your PIN if you are a Verizon customer. The leaked information consisted:
- subscriber’s name,
- cellphone number,
- account PIN
14 Million Verizon customer’s personal data leaked
The interesting fact is that, with the PIN, an attacker could deceive a customer-service representative into giving them access to the respective account. With this privilege, the intruders could make any changes according to their interests.
Cyber criminals target wireless accounts as it helps to bypass 2FA ( Two Factor Authentication) on third party services. A majority of the users opt 2FA via SMS as a security measure to protect their data.
Verizon’s statement reveals that 6 million accounts were breached and exposed, though it was about 14 million according to the initial reports.
The security firm, UpGuard, had informed Verizon about the exposed data on June 13. Chris Vickery, UpGuard researcher discovered this data leakage. The problem had been dealt and solved by Verizon IT experts by June 22, reported by CNN.
Verizon users who contacted customer service only had to compromise their PIN and details. It was from the call logs. Verizon says the exposed data was for a “wireline portal,” meaning the accounts were for residential and business wireline services (such as FiOS) and not Verizon Wireless. The cell phone numbers were part of the data for contact purposes.
Verizon has not yet guided their customers how to check if one’s data is leaked or not. So, experts advise changing the PIN as soon as possible as the primary safety measure.
The third party company Nice Systems, mistakenly designated the data, which was stored on an Amazon S3 server, as “public,” ZDNet reported when it broke the story. Wireless carriers like Verizon often contract other companies to manage their customer service calls and the data they generate.
Nice System, provides telephone voice recording, surveillance, data security services as well as analyzing the recorded data.
According to UpGuard’s Dan O’Sullivan (blog post) : “It appears to have been created to log customer call data for unknown purposes”