Verizon data has been leaked online and this data breach involved 6 million users. UpGuard, a cyber security company, confirmed this compromise citing “human error” regarding a misconfigured security setting on a cloud server, according to WESH 2 News.
These 6 million users had information such as some PIN codes, names, and phone numbers available to the public via the Internet. The PIN codes are data pieces used by Verizon customers to confirm their identity when calling into the service center.
However, according to CNN Tech, “No loss or theft of customer information occurred.”
A researcher over at UpGuard happened upon this security hole through the NICE systems. This is an Israeli-based company working with Verizon to manage calls coming in from customers. The company also said that this could impact up to 14 million user accounts.
The process by which the user data was exposed was due in part of a setting set on “public” instead of “private” on an Amazon S3 storage server. Apparently, this server is a key component in the system that keeps data within the cloud. That said, for anyone that had a public link to said server, this means the data was exposed for a limited amount of time.
The exposed PIN codes could be problematic because this is an opportunity for undesirables to call to Verizon posing as a customer and then would be able to verify that they are indeed the customer calling in when a service center agent takes their call. From there, the thief can use social engineering to make changes to your account which, for example, means adding more users to the service or making upgrades that you didn’t make.
— SofiaITC (@SofiaITC) July 12, 2017
A Cyber Resilience Analyst with UpGuard, Dan O’Sullivan, gave his take on how this could occur.
“A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking. Or they could cut off access to the real account holder.”
He then emphasized the importance of changing your PIN codes, but this can also include anything you do online these days such as passwords to anything that’s important. Security compromises are so common these days, even convoluted passwords are becoming necessary.
— Koncrete Flava (@koncreteflava) July 12, 2017
This isn’t the first time an Amazon S3 server had this problem. Three million WWE fans/users had their data compromised last week, along with around 200 million voters’ information compromised early this month via these servers. They are set securely by default, which could only mean human intervention caused it to be switched otherwise.
Verizon responded, “We regret the incident and apologize to our customers.”
[Featured Image by Scott Olson/Getty Images]