Home - , - Verizon Customers May Be Victims of Latest Cloud Leak

Verizon Customers May Be Victims of Latest Cloud Leak

verizon-cloud-leak
Verizon customers, here is some bad news for you: the telecommunications company has just confirmed that its customers are affected by the latest leak. This leak exposes the personal data of as much as 14 million customers of the carrier.

According to the Cyber Risk Team of Upguard, a misconfigured cloud-based file repository of the carrier exposed its customers' names, account details, addresses, and account PINs (personal identification numbers). NICE Systems was the third-party vendor Verizon hired to manage its cloud server data, who was using Amazon's S3 cloud platform.

ZDNet, a tech website, was the first to report the leak. The website shared that the security measures imposed by NICE were not properly set up since a security setting on the server was set to public instead of private. What this meant was that anyone who had a link to the cloud was able to access any data that Verizon stored.

UpGuard discovered the issue and has since alerted Verizon of the leak. According to its discovery, data was being collected for the last six months. The company did not disclose the total amount of data stored on the S3 data "bucket" but there were individual files that were as large as 23GB. Chris Vickery, a researcher for the cybersecurity firm, had alerted the carrier of this security risk but says it took Verizon over a week to close down the security hole.

NICE, however, has released a statement downplaying how severe the leak was. The Israel-based company shares:

"A human error that is not related to any of our products or our production environments nor their level of security, but rather to an isolated staging area with limited information for a specific project, allowed data to be made public for a limited period of time."

For now, the cybersecurity firm recommends that all Verizon customers change their PIN codes so they can safeguard their information from scammers. Once a scammer obtains a customer's personal information and PIN, they can already pull off something as simple as a SIM card swap. The leaked information may also give scammers access to the online accounts of the customer. And as we know, these scams can be pretty costly.



Source: UpGuard

Tags: ,

9 comments:

Comment Page :
  1. Would this affect any Verizon MVNO like Page Plus?

    ReplyDelete
    Replies
    1. I don'tthink so. Verizon MVNO are operated independently and so no share cloud systems with Verizon. I think this applies to actual postpaid Verizon customers and maybe prepaid Verizon but no MVNO

      Delete
  2. In a statement, Verizon said that no outsider other than the researcher who alerted them of the hack saw this data.

    No explanation on why it took a week to fix, though.

    ReplyDelete
  3. When I grew up, we called cloud leaks "rain".

    ReplyDelete
  4. This is an example of why MANY prepaid customers in urban areas using services such as boost mobile and ATT prepaid pay cash for their phones, make monthly payments through cash bought refill cards or in cash at store fronts and do not use debit cards or credit cards for any services even when there are autopay discounts. They also use common names such as John Doe for identification to link accounts with phone numbers.

    ReplyDelete
    Replies
    1. Well, there's no need to pay cash for the refill cards unless you are trying to stay clear of a DEA investigation, I suppose.

      Sure, you don't want to register your card on the Boost site if you're afraid of a cloud leak, but, if you buy a Boost card in CVS or Walmart with your credit card, they don't send your name to Boost. You can have registered with Boost as "Capt. Lionel Mandrake" and that's all they know.

      Delete
    2. I don't think there's any reason to believe that it's safer to use your credit card at CVS or Walmart than at Boost. CVS had a customer data breach in 2015. Target had a big one too, Walmart or Boost could be next.

      Delete
  5. You're only liable for a maximum of $50 in credit card fraud, and in reality they rarely hit you for that in my experience. Always use a "credit" card and not a debit card and you are protected. I have had VISA back me up when a vendor didn't deliver several thousand dollars worth of merchandise--full refund for the amount.

    ReplyDelete
  6. prepaid service was cash based before auto payments dealers accepted cash only

    ReplyDelete
Comment Page :


Comments must be approved before they will appear. The following types of comments will not be approved:
- Off topic, comments should be related to the contents of the post.
- Name calling and insults directed at other commenters.
- Racist, sexist, ableist etc. comments.
- Language you shouldn't use in front of other people's children.