Published: Fri, July 14, 2017
Sci-tech | By Javier West

Verizon Won't Be The Last to Leave Data Exposed in the Cloud

Verizon Won't Be The Last to Leave Data Exposed in the Cloud

There were almost 14 million subscriber records who called Verizon's customer service department in the past six months that were found on an unprotected Amazon S3 storage server controlled by an employee of Nice Systems.

Data belonging to at least 6 million Verizon subscribers were exposed due to a security lapse by one of the carrier's customer service partners.

Cevasco also said that Lieu was not convinced by Verizon's assertions that they had access to reports of all the people who might have viewed the data.

Verizon's breach is not a wireless issue, but is related to a residential and small business wireline self-service call center portal, the company said.

The records also included data such as a customer's home address, email address, their account balance, and if a subscriber has a Verizon federal government account, among other data.

It appears securing data in the cloud, specifically Amazon Web Services' (AWS) cloud, is hard for some companies given the frequency in which cybersecurity researcher Chris Vickery is revealing his discoveries. Initial reports from them indicated that as many as 14 Million Verizon users might be at risk.

O'Sullivan says the Verizon case highlights how many third-parties have access to our personal data.

The security firm said the files were discovered on an unprotected Amazon Web Services (AWS) database on 8 June but that the issue was not fully resolved until weeks later, on 22 June 2017. The company, which said an "overwhelming majority of information in the data set had no external value", asserted that nobody malicious has had access to the information. It warned that beyond the risks of names, addresses and account information being made accessible, the exposure of Verizon account PIN codes used to verify customers, alongside their associated phone numbers, was of particular concern.

Vickery alerted Verizon to the leak on June 13.

Because of the nature of the cloud repository, Upguard was unable to tell how many times the data may have been found by others before it was discovered by the security firm.

Verizon told its customers the leak didn't result in a "loss or theft of Verizon or Verizon customer information".

Nice Systems, the company responsible for the server that housed the information, had access to the data to analyze customer service call experience.

Like this: