Verizon Partner Leaks Millions of Customer Accounts

The security firm analyzed a sample of the data and found some PIN codes were hidden but others were visible next to phone numbers.

The data, according to the report, was downloadable by anyone with the easy-to-guess web addresses.

Included in the massive database-which was first discovered by Chris Vickery, director of cyber risk researcher at security company UpGuard-were log files of communications from Verizon customers who had called customer service. The carrier is trying to reassure its clients that their data is still safe, despite the fact that the information was out in the open for a while and anyone could have snatched them at any time. Hopefully they haven't made any configuration mistakes that will allow your data to leak all over again.

The customer records include a customer's name, cell phone number, and their account pin, which could be used to grant access to a subscriber's account, according to a report by ZDNet.

The security firm said that 14 million subscribers were affected, about 10 percent of Verizon's 108 million total subscribers.

Verizon confirmed that a recent security incident exposed the personal identification numbers and other private information pertaining to millions of telecom customers.

An Israeli company, Nice Systems, mistakenly designated the data, which was stored on an Amazon S3 server, as "public", ZDNet reported when it broke the story.

Vickery alerted Verizon to the leak on June 13. It might not be as huge as the data leaks experience by Yahoo, which Verizon bought, but it is equally serious. It's unclear if the data is limited to Verizon Wireless customers or if residential and business services (such as FiOS) had exposed customer data, too.

Whether or not this was done on goal remains to be seen as a spokesperson for Verizon says that they are investigating the matter.

The company added that the PINs included in the data set are used to authenticate a customer calling its wireline call center, but do not provide online access to customer accounts. However, it was not until June 22 - more than a week later - that Verizon and NICE managed to close the breach. The company, which said an "overwhelming majority of information in the data set had no external value", asserted that nobody malicious has had access to the information.

  • Joey Payne