recommended reading

Threatwatch

Misconfigured Server Exposed 6M Verizon Customers

Accidentally leaked credentials

“Human error” caused 6 million Verizon customers’ personal data to be available online, the company confirmed Wednesday.

A misconfigured cloud server—maintained by a third party—made customer phone numbers, names and some PINs available to anyone who had the link, Verizon told CNNTech.

Chris Vickery, a security researcher with UpGuard, discovered the breach and notified Verizon on June 13. The problem was fixed June 22. Vickery told ZDNet, which first broke the story, that as many as 14 million Verizon customers who called Verizon’s customer service may have had their information exposed.

The names, phone numbers and PINs are enough to verify account ownership, so someone could have taken over subscribers’ accounts, according to ZDNet.

Verizon said customer information was not lost or stolen.

Vickery also recently discovered a misconfigured Amazon Web Services S3 bucket that exposed data of 198 million voters.

sector

Telecommunications

reported

July 12, 2017

reported by

ZDNet

number affected

6 million

location of breach

Unknown

perpetrators

Employee

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

2017/06/13