According to the Cyber Risk Team of Upguard, a misconfigured cloud-based file repository of the carrier exposed its customers' names, account details, addresses, and account PINs (personal identification numbers). NICE Systems was the third-party vendor Verizon hired to manage its cloud server data, who was using Amazon's S3 cloud platform.
ZDNet, a tech website, was the first to report the leak. The website shared that the security measures imposed by NICE were not properly set up since a security setting on the server was set to public instead of private. What this meant was that anyone who had a link to the cloud was able to access any data that Verizon stored.
UpGuard discovered the issue and has since alerted Verizon of the leak. According to its discovery, data was being collected for the last six months. The company did not disclose the total amount of data stored on the S3 data "bucket" but there were individual files that were as large as 23GB. Chris Vickery, a researcher for the cybersecurity firm, had alerted the carrier of this security risk but says it took Verizon over a week to close down the security hole.
NICE, however, has released a statement downplaying how severe the leak was. The Israel-based company shares:
"A human error that is not related to any of our products or our production environments nor their level of security, but rather to an isolated staging area with limited information for a specific project, allowed data to be made public for a limited period of time."
For now, the cybersecurity firm recommends that all Verizon customers change their PIN codes so they can safeguard their information from scammers. Once a scammer obtains a customer's personal information and PIN, they can already pull off something as simple as a SIM card swap. The leaked information may also give scammers access to the online accounts of the customer. And as we know, these scams can be pretty costly.