advertisement
Home
News
Sports
Suburban Business
Entertainment
Lifestyle
Opinion
Classifieds
Obituaries
Shopping
Newspaper Services
Business

6M Verizon customer account details left unsecured

Posted July 13, 2017 1:00 am
PCMag.com

Another day, another unsecured data storage system reveals millions of customer records. This time it's Verizon customers in the U.S. who were at risk, and the exposure is due to a misconfigured cloud-based file repository owned by Nice Systems.

According to UpGuard, who discovered the unsecured data, up to 14 million Verizon customer details were available to download by anyone who could guess a web address. Verizon has since clarified it was 6 million.

UpGuard traced the data back to a Nice Systems engineer based in the company's Ra'anana, Israel headquarters. Nice Systems provides both back-office and call center operations systems for Verizon. The Nice engineer had setup an Amazon Web Service S3 data store which was then used to log Verizon customer call data. That data included names, addresses, phone numbers, and account PIN codes. Used together, they would give a scammer everything required to pose as a Verizon customer on a call.

According to ZDNet, the data is collected from customer calls and stored by Nice Systems so that it can be analyzed to help improve the customer service experience. The log files created contain the last six months of customer call data. But why was it unsecured, and why was it the responsibility of a single engineer at Nice?

What's also worrying beyond the lack of security is the slow response by Verizon to the threat. UpGuard informed Verizon of the security risk on June 13, but it wasn't fixed until June 22.

In a press release, Verizon responded to the data exposure discovery by stating, "We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information."

The release goes on to state that, "The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area."

• This article originally appeared on PCMag.com.

0 Article Comments
Article Categories
Business Information Technology
Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.
Back To Top
About Us
Staff
Quick Links
Advertising
Services
Copyright © 2024 Paddock Publications, Inc., P.O. Box 280, Arlington Heights, IL 60006
Paddock Publications, Inc. is an Employee-Owned Company