Verizon confirmed on Wednesday 12th July the personal data of 6 million customers had been leaked online.
The security flaw was discovered by cyber security firm UpGuard, they found the breach was due to a misconfigured security setting on a cloud server which was present due to human error. A researcher at UpGuard discovered the data was exposed by one of Verizon’s partners, NICE Systems, an Israel-based company who facilitate customer service calls for the telecoms giant. The incident originally stemmed from NICE security measures that were not configured correctly. A key security setting was set to public, instead of private, on an Amazon S3 storage server, a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was made visible to anyone who had the public link.
Over six million customer phone numbers, names, and PIN codes were made publicly available online. The PIN codes are used to confirm the identity of people who call for customer service, there would allow criminals, skilled in social engineering, to access a customer’s phone service if they convince a Verizon Customer Service Agent they are the account holder.