Data belonging to at least 6 million Verizon subscribers were exposed due to a security lapse by one of the carrier's customer service partners.
Verizon has said it was carrying out an investigation into this issue as part of an ongoing company project to enhance its customer service. Verizon was reportedly told of the data breach last month, but it reportedly took the tech company more than a week before it could secured the server. Nice Systems also claims that none of their systems or products have been breached either, but regardless the fact that it was sitting exposed is probably not the most comfortable of ideas. The security hole was closed on June 22, according to UpGuard's report. Vickery also discovered earlier this year that some information of almost 200 million voters was exposed by a data firm working for Republican Party clients. These log files were recordings of customer calls to Verizon customer service and were apparently from various regions in the U.S., including Florida and Sacramento. Better change your account personal identification number (PIN), if you have one.
If you listen to cloud vendors talk about cloud security, you'll nearly always hear them say something along the lines of "cloud security is a two-way street". The temporarily compromised data was tied to NICE Systems, a company in Israel that was assisting Verizon with customer support calls. Verizon confirmed that information was at risk of being comprised, and said human error was the reason for the potential leak.
Data within the repository is said to have been in the terrabytes and included details includng addresses, names, phone numbers account PINs and in some case customer account balances.
"Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access.".The phone giant said that the "overwhelming majority of information in the data set has no external value".
Dan O'Sullivan, a Cyber Resilience Analyst with UpGuard, said exposed PIN codes is a concern because it allows scammers to access someone's phone service if they convince a customer service agent they're the account holder.
Event amnesia within the telco industry exists: who can forget the 15m T-Mobile customers who had their data exposed by a third-party vendor, Experian, in 2015?
With free access to the account, an attacker could make whatever changes to service that they want, theoretically adding lines or specific features.