Verizon has never had a particularly good reputation with US customers. The company has consistently managed to land itself in controversy over the years, and it looks like it has happened again. This time around, the personal details of around 14 million Verizon customers were exposed after the information was stored on an unsecured Amazon S3 server.
The records include details on up to 14 million customers that have called Verizon in the last six months. Verizon uses enterprise software company, Nice Systems, to manage this, but it turns out, they didn’t do a particularly good job as data was stored on an unsecured server.
Chris Vickery, Cyber Risk Research Director at UpGuard, was the person to find the data leak. According to ZDNet, he privately informed Verizon of the issue in June and it took them more than a week to properly secure the server.
The customer records were stored in log files that were automatically generated when any Verizon customer calls in to the customer service line. Nice Systems then takes these logs and analyse them for various insights into how the company is doing overall. The data stored in these logs include names, phone numbers and account pins- essentially most of the information needed to socially engineer your way into a person’s account.
KitGuru Says: This is a major overlook on both Verizon and Nice Systems part, and they took way too long to address the problem. Are you a Verizon user that could be affected by this leak?