Jeudi, 19 Juillet 2018
Latest news
Main » Verizon says no customer data lost in reported breach

Verizon says no customer data lost in reported breach

13 Juillet 2017

In some cases, account pin numbers used to verify callers' identities were also exposed, O'Sullivan said.

The exposed customer records were from call logs that get created when a Verizon user contacts customer service. UpGuard notified Verizon of its findings June 6 and the vulnerability was corrected by June 22, UpGuard said. Apparently, one of NICE System's engineers working out of Ra'anana in Israel misconfigured the data repository, exposing millions of data points. The data on the server was contained in six folders labeled with each month from January to June.

Vickery alerted Verizon to the leak on June 13.

What's also worrying beyond the lack of security is the slow response by Verizon to the threat.

Willy Leichter, vice-president of marketing at Virsec, said this incident raises thorny security issues because it seems both careless and suspicious.

"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project", a company spokesperson said. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link.

Nevetheless, the data exposure, discovered by US-headquartered firm UpGuard and first reported by ZDNet, remains a huge amount of records.

Some of the records were "masked" in what appears to be a redaction effort to prevent an unauthorized disclosure of private information.

UpGuard declined to disclose how the leaked data was discovered.

As far as PINs go, those codes are used to authenticate a customer calling the wireline call center, "but do not provide online access to customer accounts". Hackers can call up Verizon and pose as the user that they are targeting using the leaked PIN code, with the goal of redirecting messages sent for two-factor authentication to their own device so that they can log into the victim's online account.

UpGuard contends that the exposure of unmasked PINs could allow fraudsters to trick Verizon into providing them with access to accounts.

Of late, there have been way too many leaks than there usually are. The subscribers affected were primarily those who called Verizon's customer services line in the last six months.

Why does this keep happening? The servers are secured by default, meaning leaks are generally the result of a change in the cloud's security settings.

John Gunn, chief marketing office for VASCO Data Security, said the fact that no data may have been downloaded does not minimise the risk of instances such as this.

Verizon says no customer data lost in reported breach