Millions of Verizon customer records left exposed in Israeli company lapse
Verizon users who called the company’s customer services over the last six months are at risk. The details were found on an unprotected Amazon S3 storage server of an employee of Nice Systems, an Israeli company specializing in phone recording, data security and analysis, Zdnet reports. Anyone who could guess the web address could reportedly have been able to download any of the files.
The customer record includes names, phone numbers and account pins. This would allow people to impersonate users through social media accounts and possibly hijack two-factor authentication security.
The details were stored in log files, which were recorded and analyzed by Nice. Verizon uses Nice to verify accounts and improve customer service.
Nice Systems said it is investigating the exposure, and said there’s “no indication” the information has been compromised, Engadget reports.
The discovery was made by Chris Vickery from security firm, UpGuard, who informed Verizon in June. It was another week before the data was secured. Although Nice said no other customer data was involved, Vickery said there was evidence that telecoms company, Orange had its data stored on the same server.
According to Zdnet, the records also contained information including email addresses, home addresses, account balances and even whether the customer has a federal government account. Some of the information appeared as being “masked,” but others had details visible.
"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," a company spokesperson said.
"Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."
Nice Systems has 85 of the Fortune 100 companies as customers and has been linked to government intelligence agencies and companies that crack phones.