Verizon Database Exposed Online with the details of 14 Million Customers!

  • 146
  •  
  •  
  • 1
  •  
  •  
  •  
    147
    Shares

Verizon is an American multinational telecommunications conglomerate and the largest U.S. wireless communications service provider as of September 2014, and a corporate component of the Dow Jones Industrial Average.

Chris Vickery, director of cyber risk research at security firm UpGuard, found an unprotected database on Amazon S3 that was completely downloadable and configured to provide public access. The database and its multiple terabytes of contents could thus be accessed simply by entering the S3 URL.

According to UpGuard:
“The repository’s subdomain, “verizon-sftp,” is an indication of the files’ corporate origins. Viewing the repository, there are six folders titled “Jan-2017” through “June-2017,” as well as a number of files formatted with .zip, among them “VoiceSessionFiltered.zip” and “WebMobileContainment.zip.” These files, inaccessible via .zip extraction, could be decompressed once the format was changed to .gzip, another file compression program.”

The “verizon-sftp” repository.

The data included sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers). The database was sitting on an Amazon Web Services S3 server without any type of authentication.

“This is not all, however. A great many Verizon account details are also included in the logs, such as customer names, addresses, and phone numbers, as well as information fields indicating customer satisfaction tracking, such as “FrustrationLevel,” and service purchases, such as “HasFiosPendingOrders.” Values including number ratings, “True,” “False,” “Y,” and “N” are assigned to each field. For a large amount of these logged calls, however, the most sensitive data—such as “PIN” and “CustCode”—is masked.”

Customers data

The researcher reported the exposure to Verizon team in late June, and the database was then secured in a week.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Latest posts by Unallocated Author (see all)

Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!