Records of millions of Verizon subscribers were unprotected online

A cybersecurity researcher first noticed the issue – though Verizon said the number of people affected is "overstated."
Author:
Updated:
Original:

Data for millions of Verizon users was left unprotected on the internet recently, allowing anyone who knew the web address to access the records.

The sensitive information was first discovered by UpGuard, with the site's Director of Cyber Risk Research Chris Vickery finding the data on Amazon Web Services cloud storage.

UpGuard said names, account details, addresses and verification PIN numbers were all vulnerable.

This data was not being stored directly by Verizon. Instead, it was handled through a third-party vendor called NICE Systems, an international company that does back-end business data and security work.

According to ZDNet, the customer data was from people who had called a customer service line in the past six months.

Verizon confirms – but says no customer info was stolen

Verizon in a news release confirmed that yes, customer data was left semi-out in the open on a server. But the company stressed that there's no record of anyone accessing the data aside from Verizon, NICE Systems, and the researcher who brought the issue to the company's attention.

"In other words, there has been no loss or theft of Verizon or Verizon customer information," the release said.

The company also takes issue with what exactly was vulnerable. Verizon claimed most of the info didn't have any value to people, though admitted there was "a limited amount of personal information" there. No Social Security numbers or voice recordings were stored on the server, however.

Verizon also said there was a "limited number" of cell phone numbers there, and the PINs could only be used when someone called the help center to verify their identity – they don't allow online account access or anything.

UpGuard initially said the personal information of up to 14 million people was vulnerable, but Verizon called that "overstated," and pegged the figure at about 6 million "unique customers."

"Verizon is committed to the security and privacy of our customers. We regret the incident and apologize to our customers," the response concluded.

UpGuard, though, said the entire incident – even if nothing was taken – is a "potent example of the risks of third-party vendors handling sensitive data." Basically, if some other company has your important data, it's only as secure as that company makes it.

That's what reportedly led to the Target data breach in 2014. Cybersecurity writer Brian Krebs said the hackers gained access to Target’s network using credentials stolen from a Pennsylvania refrigeration company that has worked at a number of Target locations.

Next Up

closed sign

What's open and closed in Minnesota on Thanksgiving Day 2020?

Most services will not be running on Thursday and unlike most years, many stores will be closed, too.

PennyMomentos

How a turkey's brush with celebrity in Bloomington came to a tragic end

DNR: if you care about wild animals, stop feeding them

TCF Bank Stadium

Saturday's Gophers/Badgers football game canceled due to COVID-19 issues

The Battle for Paul Bunyan's Axe will not take place for the first time since 1906.

coronavirus, Iowa

MN health officials don't think downside of COVID-19 peak has arrived

We could be in a trough between a series of waves, Jan Malcolm said.

covid-19, coronavirus

Wisconsin reports record 104 deaths from COVID-19 Tuesday

That's roughly 10% of the total in the nation in a 24-hour period.

Drywall

Husband and wife sentenced for fraud scheme through their drywall firm

The Annandale pair bilked an insurance company out of more than $300,000.

ambulance

4 pedestrians suffer life-threatening injuries after being struck by vehicle

Two vehicles crashed into a car that was on the side of the road after striking a deer.

Marcus Carr

Gophers season preview: New lineup, deeper bench, more questions

Mathew Goldstein takes a deep dive into the murky waters of the college hoops season.

20201107_vivir-1151-Edit

Photos: ViV!R, Minneapolis' new Mexican cafe and shop, is now open

The team behind the acclaimed Popol Vuh have opened the cafe in the same space.

MasklessJudgesinWiscoyTownship

At Wiscoy Township's sole precinct, election judges ditched masks

Voter and Wiscoy resident Kaitlyn O'Connor took a photo of the judges after asking them to wear masks, she said

Related

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?

Netflix remembers every time you pause a show (and a lot of other info)

It sees you when you're binging. It knows when you hit pause.

WikiLeaks leak claims CIA can get past phone encryption, hack into Smart TVs

This leak of more than 8,000 files has not been authenticated – though it appears legitimate.

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

Instagram influencers are still sneaking ads to millions of followers, groups say

What's an ad and what's not? That's often unclear on Instagram, some groups are arguing.

How Mall of America is using data it gets from shoppers on the free Wi-Fi

Mall of America is collecting data on the shoppers that log into its 5.6-million-square-foot Wi-Fi network.

Chipotle's payment systems were hacked – see if the one you go to was hit

Malware got into the register and card payment systems and scraped up info.