News & Politics

Personal Data of 6 Million Verizon Users Leaked Online

(Getty Images)

Here is a little disturbing news for your Hump Day Night:

Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online.

The security issue, uncovered by research from cybersecurity firm UpGuard, was caused by a misconfigured security setting on a cloud server due to “human error.”

There goes any faith a lot people had in cloud servers.

Here’s more on what was leaked, and how:

The error made customer phone numbers, names, and some PIN codes publicly available online. PIN codes are used to confirm the identity of people who call for customer service.

No loss or theft of customer information occurred, Verizon told CNN Tech.

UpGuard — the same company that discovered leaked voter data in June — initially said the error could impact up to 14 million accounts.

Chris Vickery, a researcher at UpGuard, discovered the Verizon data was exposed by NICE Systems, an Israel-based company Verizon was working with to facilitate customer service calls. The data was collected over the last six months.

Vickery alerted Verizon to the leak on June 13. The security hole was closed on June 22.

The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server — a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link.

The article says the leaked PIN numbers are of particular concern because smooth talking unsavory types could wreak havoc with a customer’s account:

Dan O’Sullivan, a Cyber Resilience Analyst with UpGuard, said exposed PIN codes is a concern because it allows scammers to access someone’s phone service if they convince a customer service agent they’re the account holder.

“A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking,” O’Sullivan said. “Or they could cut off access to the real account holder.”

Verizon customers are being advised to change their PIN codes.