Misconfigured Server Exposed 6M Verizon Customers
Accidentally leaked credentials
“Human error” caused 6 million Verizon customers’ personal data to be available online, the company confirmed Wednesday.
A misconfigured cloud server—maintained by a third party—made customer phone numbers, names and some PINs available to anyone who had the link, Verizon told CNNTech.
Chris Vickery, a security researcher with UpGuard, discovered the breach and notified Verizon on June 13. The problem was fixed June 22. Vickery told ZDNet, which first broke the story, that as many as 14 million Verizon customers who called Verizon’s customer service may have had their information exposed.
The names, phone numbers and PINs are enough to verify account ownership, so someone could have taken over subscribers’ accounts, according to ZDNet.
Verizon said customer information was not lost or stolen.
Vickery also recently discovered a misconfigured Amazon Web Services S3 bucket that exposed data of 198 million voters.
July 12, 2017
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected