But while Verizon says that the information in the data set was limited, UpGuard found customer names, cell phone numbers, account PINs, home addresses, email addresses, current balances on accounts, and daily log files, including references to voice conversations with customers and call center reps.
A security lapse leaks data from millions of Verizon customers. The end result of that mistake is that customer data was visible online to anyone who cared to look, at least until Verizon was made aware of the issue.
According to ZDNet's report, Verizon also had no prior knowledge that all of this data was exported by Nice Systems, which makes the whole situation even more concerning. In the cloud era, a new generation of security researchers has used different tools, including the popular Shodan search engine, to find information that has not been secured or configured properly. If these were mobile phone numbers, they could have allowed potential attackers access to customers' Verizon accounts. Despite Verizon's claim that no data was externally exposed, subscribers who have had a customer service interaction between January and June of this year, might want to take appropriate measures to secure their accounts.
Who exactly is affected by the data breach? Israel-based Nice Systems is a third-party vendor that handles customer service operations for Verizon.
The entire problem came from a security setting that NICE Systems put on public instead of putting it on private. "Such third-party vendors are entrusted every day with the sensitive personal information of consumers unaware of these arrangements", said UpGuard.
"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project", a Verizon spokesperson told ZDNet Wednesday, referring to Amazon Web Services, a cloud computing platform commonly used to host internet-accessible databases.