July 14, 2017
Names, addresses and phone numbers of nearly six million Verizon users were publicly exposed. Nice Systems seems to be the source to compromise this private information. Nice Systems is a Verizon partner which handles customer service calls. It has been discovered that an employee at Nice Systems used Amazon S3 storage server to access the data which had logs from residential customers who had dialed Verizon Customer service in the past six months.
Verizon is adamant that no other external party had access to the data, confirming that there has been no loss or theft of the customer information. Reports say that a security setting being misconfirgured is the cause of the data breach. This means that anyone who knew the web address could access the files and download it. The information on the data had record of the user’s name, mobile number, account PIN, home address and the balance on their Verizon account.
If some reports are to be believed some records were partially redacted, while most were not. The person who has hands of the user’s data could theoretically impersonate him/her and gain access to their account and the rest is history. According to Dan O’Sullivan, a Cyber Resilience Analyst with UpGuard, said it is a major concern if information about a PIN code is exposed as it allows the scammer to access someone’s phone service. “A scammer could receive a two-factor authentication message and potentially change it or alter it to his liking. Or they could cut off access to the real account holder”, added O’Sullivan.
Nice Systems and Verizon are investigating the data breach. Chris Vickery, a researcher at UpGuard was the first one to notice the breach in security way back in June and informed Verizon privately. In addition, this is definitely not the first time that a mobile carrier has suffered a breach like this. But if cyber security is being considered as a war, then one can expect more such data breach if not careful enough.