A computer security company discovered that the data of millions of Verizon customers was freely accessible online, sitting unsecured on an Amazon cloud server. Anyone that could guess the url could access the data.
U.S.-based cybersecurity firm UpGuard notified Verizon of their findings. Verizon told UpGuard they entrusted the customer data to 3rd party vendor NICE systems, located in Israel. The company is used to log customer call data. The data exposed included names, phone numbers, and personal identification numbers used to speak with customer service.
I have changed suspended my cell service, put a hold on my bank acct, and changed a bunch of passwords. What am I missing?
— Justin Williams (@justin) July 7, 2017
“You should switch to Verizon,” they said.
“They’re better than AT&T,” they said.
Oops. https://t.co/MZ6bkMiI7o
— Justin Williams (@justin) July 12, 2017
Verizon’s official statement stated that “an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access.” The statement downplays the extent of the exposure, stating that only six million sets of customer data were exposed, rather than UpGuard’s count of 14 million. Verizon also says that no one unauthorized accessed the data except for UpGuard.
Misconfigured S3 bucket leaves 14 million Verizon customers exposed. https://t.co/UNTHvjAL4u #VerizonLeak pic.twitter.com/jCCiawr7ep
— UpGuard (@UpGuard) July 13, 2017
NICE serves 85 percent of Fortune 100 companies and has been involved in government surveillance operations for countries around the world.
Colin Fredericson for NTD Television