Verizon Wireless Partner Left Data On 6 Million Users In The Open

USA telecommunications giant Verizon has confirmed that the details of six million customers were exposed online by a third-party vendor, less than 24 hours after cybersecurity firm UpGuard published the claim that the scope of the incident was much larger.

Verizon officials said that the data exposure was limited, as no one besides Vickery accessed the repository.

"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project", a Verizon spokesperson told ZDNet Wednesday, referring to Amazon Web Services, a cloud computing platform commonly used to host internet-accessible databases.

The data is found in an unprotected Amazon S3 storage server administered by an engineer for NICE Systems, which is based in Israel.

UpGuard, a cyber security firm, discovered the leak and initially believed the hack to have affected almost 14 million customers.

Just a couple of days after one of the biggest data leaks in India, where data of over 120 Million Reliance Jio users was leaked online, U.S. is facing a similar problem of their own. Officials also called the number of subscriber accounts included in media reports as "overstated", but did not provide any information as to how many customers are affected. And, while you're at it, ask Verizon to do a little more about security. The leak was due to human error, and the hole has since been patched, but Verizon customers are going to want to take some action to be sure their accounts aren't compromised further. The discovery was made by UpGuard on June 13, and they immediately informed Verizon.

The main fear, according to the experts, was that Verizon Pin numbers in the trove of exposed data could be used to trick Verizon operators into letting hackers access personal accounts.

In a statement on the company's website, Verizon said the leak was caused by an employee of one of the company's vendors who accidentally allowed external access to information put in a cloud storage area.

"When an attacker has enough information about their target - gathered either through social engineering or from data breaches- they will contact the phone carrier and have the phone SIM card swapped to a new device".

This latest data breach follows in the wake of similar incidents where information has been left exposed in a misconfigured manner by third-party vendors.

"Cyber risk is a fact of life for any digital service", O'Sullivan said.

With free access to the account, an attacker could make whatever changes to service that they want, theoretically adding lines or specific features.


Popular

CONNECT