Verizon confirms data leak affecting 6 million customers

Pedestrians pass a Verizon Wireless store on Canal Street in New York. Verizon confirmed Wednesday that data belonging to 6 million customers was leaked online in June

Verizon security error leaves millions of customer records exposed

"As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access", a spokesperson for Verizon told CNBC Wednesday.

The files "exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million United States customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded", according to the report. Each text file held information on Verizon customers.

Engadget.com reports that an employee at Nice Systems, a carrier partner of Verizon, allowed 14 million residential customer records to be unguarded on an Amazon S3 server.

The data was contained in log files that generated over the last six months as Verizon customers called customer service.

Chris Vickery, a researcher at UpGuard, alerted Verizon of the leak on June 13 after discovering it.

Ariana Grande is honorary citizen of Manchester
Councillor Sue Murphy, who seconded the motion, also revealed plans for a permanent memorial dedicated the victims in the city. It was understandably an emotional ordeal for her, and it would have been understandable for her not to return to the city.

The process by which the user data was exposed was due in part of a setting set on "public" instead of "private" on a storage server.

ZDNet first reported the breach. That's not going to be very reassuring, though, as it's not clear who (if anyone) downloaded the data while it was public.

The files included names, cell phone number and account pins. "Or they could cut off access to the real account holder". In June, an analytics firm exposed the data of nearly 200 million voters, and earlier this month, an insecure server leaked 3 million WWE fans' data last week. On June 8, they found the data in an open Amazon Simple Storage Service (S3) bucket with a subdomain "verizon-sftp", and figured it was worth a look.

"This massive data leak could have been avoided by using specific data-centric security tools, which can ensure appropriate configuration of cloud services, deny unauthorized access, and encrypt sensitive data at rest", he said.

Latest News