Home / Security Watch / 6M Verizon Customer Account Details Exposed

6M Verizon Customer Account Details Exposed

Another day, another unsecured data storage system reveals millions of customer records. This time it's Verizon customers in the US who were at risk, and the exposure is due to a misconfigured cloud-based file repository owned by Nice Systems.

According to UpGuard, who discovered the unsecured data, up to 14 million Verizon customer details were available to download by anyone who could guess a web address. Verizon has since clarified it was 6 million.

UpGuard traced the data back to a Nice Systems engineer based in the company's Ra'anana, Israel headquarters. Nice Systems provides both back-office and call center operations systems for Verizon. The Nice engineer had setup an Amazon Web Service S3 data store which was then used to log Verizon customer call data. That data included names, addresses, phone numbers, and account PIN codes. Used together, they would give a scammer everything required to pose as a Verizon customer on a call.

According to ZDNet, the data is collected from customer calls and stored by Nice Systems so that it can be analyzed to help improve the customer service experience. The log files created contain the last six months of customer call data. But why was it unsecured, and why was it the responsibility of a single engineer at Nice?

What's also worrying beyond the lack of security is the slow response by Verizon to the threat. UpGuard informed Verizon of the security risk on June 13, but it wasn't fixed until June 22.


In a press release, Verizon responded to the data exposure discovery by stating, "We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information."

The release goes on to state that, "The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area."

Read more

Check Also

Samsung Vice Chairman Jay Y. Lee Released from Jail

He is now a free man after a panel of judges ruled to suspend his sentence.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.