Verizon customers in millions have exposed their records, ZDNet reported. Verizon acknowledged that 6 million records by Nice Systems were compromised. Nice Systems, a Verizon partner facilitates the customer service calls. The records, it held logs from residential customers who called Verizon customer service in the recent six months. These were accessed through an Amazon S3 storage server that was unprotected and was controlled by Nice Systems employee.
CNN reports that the main cause was a un-organzied security setting on the server. Owing to this, anyone aware of the web address was able to download the files. But Verizon assures that no external party accesses this data, and that no theft or loss occurred on the customer information.
Each record had the name of the customer, PIN, mobile number, the home address, email address and the account balance of the Verizon. It is possible that anyone having access to such records could have impersonated theoretically a subscriber and could have got access to their account.
Verizon and Nice Systems have confirmed that they are investigating this breach. Nice also informed that the data was “part of a demo system,” but did not elaborate. On June 13th, Chris Vickery, a researcher with cybersecurity firm UpGuard, first noticed this breach and privately informed Verizon. Finally, nine days later the data was secured on June 22nd.
This is not the first time a mobile carrier suffers a data breach. In 2015, a breach at data broker Experian exposed similar information for 15 million T-Mobile customers. In 2016, hackers stole data from Verizon’s enterprise unit, that offers IT services to companies, and put it on online sale.