- Netflix’s ‘The Confession Killer’ is a devastating and well-built portrait of a con artist 2 Years Ago
- Swipe This! I’m ashamed to tell anyone about my online shopping habit Today 6:00 AM
- UPS facing backlash for thanking police after employee killed in shootout Saturday 5:02 PM
- Sanders campaign fires staffer after anti-Semitic, homophobic tweets surface Saturday 3:13 PM
- Brother Nature was attacked, says everyone just watched with phones out Saturday 2:45 PM
- Ryan Reynolds’ gin company hires Peloton wife for ad Saturday 1:24 PM
- Ex-vegan YouTuber accused of fraud after following meat-only diet Saturday 1:11 PM
- The 15 best Disney+ hidden gems and deep cuts Saturday 12:23 PM
- Everyone in GoFundMe scam involving homeless veteran has now pleaded guilty Saturday 12:06 PM
- Boy invites kindergarten class to his adoption–and people are emotional Saturday 11:56 AM
- Reddit links leaked trade deal documents to Russian campaign Saturday 10:44 AM
- How to stream Alistair Overeem vs. Jairzinho Rozenstruik Saturday 8:30 AM
- Amazon sends customers condoms and soap instead of Nintendo Switch Saturday 8:28 AM
- How to live stream Jermall Charlo vs. Dennis Hogan Saturday 8:00 AM
- Apple TV’s ‘Truth Be Told’ is a criminally dull drama Saturday 6:00 AM
The records were reportedly left unprotected in an Amazon storage server owned and operated by Israeli tech company Nice, a third-party vendor of Verizon and client of 85 Fortune 100 companies. The exposed data was left out in the open for anyone who could guess a URL ZDNet considered “easy-to-guess” (though the exact URL was not reported). It was bundled in six different folders for each month from January to June of this year. Each of those folders contained daily text files of customer service recordings from different U.S. regions.
The data vulnerability was first discovered by IT monitoring company UpGuard, which said it estimated the amount of users affected by averaging the number of accounts exposed per day in a sample it downloaded. The unprotected cloud repository, which was created to log customer call data, exposed the names, addresses, account details, and PINs of Verizon subscribers throughout the U.S. Some of the text files even said what service a subscriber was signed up for, the balance of their account, and if the subscriber has a government account. It also included a “frustration score” based on what words were said by the customer during their call.
UpGuard notified Verizon of the vulnerability on June 13. It wasn’t patched until June 22. During that time, customers may have had their PINs stolen. That bit of information could be all that is needed for an impersonator to take over customer accounts. It could even allow someone to bypass two-factor authentication and hijack any call or text sent to the customer.
In responding to the data breach, Verizon claimed the number of subscribers affected was “overstated.”
“As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access,” a Verizon spokesperson told CNBC. “We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information. We regret the incident and apologize to our customers.”
Nice told ZDNet that none of its systems or products were breached and “no other Nice customer data was involved.”
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.