Verizon Mistakenly Leaks 6 Million Customer Records, Blames Human Error
When you spill a glass of milk or drop your car keys, you might say, "Oops!" But when you inadvertently leak personal information of millions of customers, well, other choice phrases might come to mind. That is the situation Verizon finds itself in—the nation's largest wireless carrier confirmed that certain information belonging to 6 million customers has leaked online.
Cybersecurity firm UpGuard discovered the security issue, which traced back to a improperly configured security setting on a cloud server. The situation is being deemed as "human error," which probably will not make affected customers feel any better about the situation. On the plus side, Verizon told CNN Tech even though customer data was vulnerable, there was no loss or theft of personal information.
The temporarily compromised data was tied to NICE Systems, a company in Israel that was assisting Verizon with customer support calls. There was six months worth of customer data that was exposed, though there is no indication that payment information was ever at risk—just names, numbers, and PIN codes used the confirm a customer's identity when calling in for support.
Apparently NICE Systems did not configured its security settings properly. One of the settings that was tied to an Amazon S3 storage server was set to public when it should have been set to private. The end result of that mistake is that customer data was visible online to anyone who cared to look, at least until Verizon was made aware of the issue. UpGuard alerted Verizon of the setting on June 13. It was fixed on June 22.
Not all of the PIN codes were visible, though the ones that were could have been used for nefarious purposes. Having access to a customer's PIN code would allow a scammer to trick a support agent into thinking they are the actual account holder.
Leaks tied to data on Amazon's S3 servers seem to be a common thing lately. In addition to the voter information that was exposed in June, earlier this week an insecure server resulted in leaked data belonging to 3 million WWE fans.
Thumbnail Image Source: Flickr (Mike Mozart)
Cybersecurity firm UpGuard discovered the security issue, which traced back to a improperly configured security setting on a cloud server. The situation is being deemed as "human error," which probably will not make affected customers feel any better about the situation. On the plus side, Verizon told CNN Tech even though customer data was vulnerable, there was no loss or theft of personal information.
The temporarily compromised data was tied to NICE Systems, a company in Israel that was assisting Verizon with customer support calls. There was six months worth of customer data that was exposed, though there is no indication that payment information was ever at risk—just names, numbers, and PIN codes used the confirm a customer's identity when calling in for support.
Apparently NICE Systems did not configured its security settings properly. One of the settings that was tied to an Amazon S3 storage server was set to public when it should have been set to private. The end result of that mistake is that customer data was visible online to anyone who cared to look, at least until Verizon was made aware of the issue. UpGuard alerted Verizon of the setting on June 13. It was fixed on June 22.
Not all of the PIN codes were visible, though the ones that were could have been used for nefarious purposes. Having access to a customer's PIN code would allow a scammer to trick a support agent into thinking they are the actual account holder.
Leaks tied to data on Amazon's S3 servers seem to be a common thing lately. In addition to the voter information that was exposed in June, earlier this week an insecure server resulted in leaked data belonging to 3 million WWE fans.
Thumbnail Image Source: Flickr (Mike Mozart)
