In some cases, account pin numbers used to verify callers' identities were also exposed, O'Sullivan said.
The exposed customer records were from call logs that get created when a Verizon user contacts customer service. UpGuard notified Verizon of its findings June 6 and the vulnerability was corrected by June 22, UpGuard said. Apparently, one of NICE System's engineers working out of Ra'anana in Israel misconfigured the data repository, exposing millions of data points. The data on the server was contained in six folders labeled with each month from January to June.
Vickery alerted Verizon to the leak on June 13.
What's also worrying beyond the lack of security is the slow response by Verizon to the threat.
Willy Leichter, vice-president of marketing at Virsec, said this incident raises thorny security issues because it seems both careless and suspicious.
"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project", a company spokesperson said. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link.
Some of the records were "masked" in what appears to be a redaction effort to prevent an unauthorized disclosure of private information.
UpGuard declined to disclose how the leaked data was discovered.
As far as PINs go, those codes are used to authenticate a customer calling the wireline call center, "but do not provide online access to customer accounts". Hackers can call up Verizon and pose as the user that they are targeting using the leaked PIN code, with the goal of redirecting messages sent for two-factor authentication to their own device so that they can log into the victim's online account.
UpGuard contends that the exposure of unmasked PINs could allow fraudsters to trick Verizon into providing them with access to accounts.
Of late, there have been way too many leaks than there usually are. The subscribers affected were primarily those who called Verizon's customer services line in the last six months.
Why does this keep happening? The servers are secured by default, meaning leaks are generally the result of a change in the cloud's security settings.
John Gunn, chief marketing office for VASCO Data Security, said the fact that no data may have been downloaded does not minimise the risk of instances such as this.
- Amazon Prime Day sets company sales record
- Trump wanted to collude, but did Putin — LEONID BERSHIDSKY
- Tour de France 2017, Stage 11: Marcel Kittel Wins
- Looking For Details On Syria Ceasefire? Don't Ask US Military
- Nicola Sturgeon to meet EU's Brexit negotiator Michel Barnier
- Two Large Studies Offer Fresh Evidence of Coffee's Health Benefits
- Bryce Harper: Let top vote-getters pick teams for All-Star Game
- Chinese dissident, Nobel laureate Liu Xiaobo dies at 61
- Pak PM's daughter forged papers: Probe
- Trump Meeting With French President Macron In Paris