U.S. telecommunications giant Verizon left millions of user records exposed over a six-month period. The data was held on an Amazon storage server managed by Israeli company Nice System. 14 million customer records were held on what’s been described as a poorly secured database.
The vulnerable database was discovered by Chris Vickery, director of cyber risk for UpGuard. Held in the storage were logged files of Verizon communications between customers and the company’s customer service department.
14 million separate customer records were held in the database. Among the details were cell numbers, accounts PINs, names, and addresses. Important, the PIN number would potentially allow any hacker to breach an account security easily.
With this access, it would be possible to hijack the account and phone number. Furthermore, the Amazon database held significant customer details, like account balance, subscription plans, and what job the customer has.
While the storage system is Amazon, the management of the database was the responsibility of Nice Systems. The company is tasked with managing Verizon’s customer service calls. Nice Systems records calls and helps the network improve its customer experience.
Verizon was reportedly told about the vulnerability in June. Since then, the company and Nice Systems have secured the system, but is seems to have taken over seven days to do that.
Third-Party Data Access
Considering Verizon is known to have close ties to government agencies, the breach is worrying. Perhaps more importantly is the fact many customers would not have known their data is seen by a third-party company. Vickery says, while not an uncommon practice, it is something most users may not realize happens:
“The prospect of a host of your applications and digital accounts being compromised from one third-party vendor’s exposure of data is not science fiction, but the unfortunate reality of cyber risk today. The data exposed in the Verizon/NICE Systems cloud leak is, indeed, a testament to how profoundly every aspect of life today is touched by those systems to which we impart so much knowledge.”
Since the discovery, Verizon has confirmed there was a vulnerability that has since been shored up. The company adds that six million customer accounts were open, not the reported 14 million.