Millions of Verizon customer records left exposed in Israeli company lapse

Verizon security error leaves millions of customer records exposed
Verizon contractor left 14M customers' data unprotected
Author

14 July, 2017

The personal data of more than 6 million Verizon customers has leaked online due to "human error", the company confirmed on Wednesday.

UpGuard, a cybersecurity firm, discovered an unsecured data storage system set up by a third-party Verizon contractor, ZDNet reported.

The data is found in an unprotected Amazon S3 storage server administered by an engineer for NICE Systems, which is based in Israel. Vickery alerted Verizon to the leak, according to ZDNet, but it took over a week for the security hole to be closed. UpGuard discovered that leak as well.

A security lapse leaks data from millions of Verizon customers.

The customer record includes names, phone numbers and account pins. I say "not directly" because a Wireline customer could obviously also be a Wireless customer and their Verizon Wireless number could have been exposed if they have it attached to a Wireline account. And, while you're at it, ask Verizon to do a little more about security.

Trump faces off against an increasingly hostile China at G20
It now appears that China is pushing back against the U.S. pressure , setting the stage for a potential confrontation. Xi said China attaches great importance to Trump's reaffirmation of U.S.adherence to the policy.


Joey Chestnut breaks record for hot dog eating contest with 72 h
Competitors participated in Nathan's Famous July Fourth Hot Dog Eating Contest today in NY - but only two walked out champions. The owner of the Coney Island stand, Nathan Handwerker, overheard four immigrants arguing over who was more patriotic.


Congress says all is well in Bihar alliance
Party sources said that the prime focus of the meeting was to increase political footprint of the party within the state. The Congress leader said "these statements have not affected our Bihar arrangement in any manner".


"The long duration of time between the initial June 13th notification to Verizon by UpGuard of this data exposure, and the ultimate closure of the breach on June 22nd, is troubling", Upguard wrote.

"As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access", Verizon's statement read. Each record in the log files contained customer data such as name, cell phone number, account PIN, email address, home address, Verizon services subscribed to, current account balance, federal government account number, frustration score, and hundreds of such other fields.

UPDATE: Verizon has responded to the breach by saying no information was stolen. Changing passwords and setting up two-step authentication is always a good idea after a security breach where personal data may have been compromised. "Companies like Verizon must insist that third party vendors like Nice protect their customer data as they move it to the public cloud".

"Cyber risk is a fact of life for any digital service".

"In relation to this specific case, there are technologies available today that could have quickly, easily and cost effectively ensured appropriate configuration of the cloud service, denied unauthorised access, and encrypted the sensitive data at rest".


More news