Another day, another batch of leaked customer data. The victim this time? Verizon customers. Verizon has confirmed that they were the victim of a data leak affecting up to 6 million customers. The leak was due to human error, and the hole has since been patched, but Verizon customers are going to want to take some action to be sure their accounts aren’t compromised further.
The hack, or really more so the door that was left wide open for anybody to see allowed interested parties to see customer names, phone numbers, and in some instances PIN numbers for their Verizon accounts. The information was posted publicly, and anyone with the link was able to view this data over a period of around six months. The “human error” here was on the part of NICE Systems, and Israeli company that worked with VZW to facilitate customer service calls. An Amazon S3 storage locker was inadvertently left open.
The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server — a common technology used by businesses to keep data in the cloud.
Curiously, Amazon S3 lockers are set as private by default, so it truly was a case of a third-party contractor leaving the door open. This seems to happen fairly frequently too, as the recent leak of voter data as well as the WWE leak from last week were a result of similar goof ups.
Users should probably change their PINs as soon as possible just to be safe, as a compromised PIN could allow someone with nefarious intent to lock a customer out of their account, change their settings, or any number of other unpleasant things they might do with access to your account.Source: CNN Money