The major telecom company Verizon has suffered a data breach that affects over 14 million US customer. Personal details of these customers exposed on the Internet by NICE Systems. This third-party vendor mistakenly left the sensitive users’ details open on a server.
The exposed data includes names, phone numbers account, and PINs (personal identification numbers). This information is enough to get access to any customer’s account even if it is protected by two-factor authentication.
Samsung Galaxy S7 - Flat Rs. 23010 offSamsung S7 Now at Rs 22990 | Rs. 23010 off + up to Rs. 18,000 off on exchange
NICE Systems is the known company that offers a wide range of solutions including telephone voice recording, data security, and surveillance. So, it had access to collect call details of users. The data contains the records of customers who called the Verizon’s customer services in the past 6 months.
Chris Vickery who is the director of cyber risk research at security firm UpGuard found this exposed data on unprotected Amazon S3 cloud server. This data can be downloaded and configured to allow public access. Vickery found six folders titled “Jan-2017” through “June-2017” containing customer data. These folders contained a directory for each data of the month. The data was in the .zip format and it was around of 23GB.
Verizon apologized to their customers for this data leak and claimed that PIN numbers exposed in this incident were not actually connected to customer accounts.
Vickery is not a new name in the security industry. He is the person who exposed various data sets in past. He also found an unsecured Amazon S3 server of Deep Root Analytics (DRA) that exposed information of more than 198 million US people. He also exposed database linked to River City Media (RCM) containing nearly 1.4 Billion user records. There are few more notable incidents of past.
As a responsible researcher, Vickery informed Verizon in June and the data was secured within a week. As of now, there is no news if the data was accessed by any other person. But the company should try to investigate and take proper steps to avoid such incidents in future.