Saturday, November 2, 2024
HomeData Breach6 Million Verizon Customers Data Leaked online Due to Misconfigured File...

6 Million Verizon Customers Data Leaked online Due to Misconfigured File Repository

Published on

Malware protection

Telecommunications giant Verizon’s Customers 6 Million Sensitive personal data leaked online due to misconfigured cloud-based file repository and this Misconfiguraton leads to exposed customer phone numbers, names, and some PIN codes publicly available online.

This Data Breach occurred due to “Human Error” and  Verizon’s Cloud-based file server was operated by Verizon’s Third Party vendor  NICE Systems.

Data Repository Belongs to unprotected  Amazon Web Services S3 bucket and Verizon used NICE Systems technology in its back-office and call center operations.

- Advertisement - SIEM as a Service

This Leak Discovered by UpGuard  ,the company — the same company that discovered leaked voter data in June.

Also Read   198 Million American Voters Personal Records Leaked In Public- Biggest Voters Data Leak Ever

Leaked Data Contain Verizon Call Center logs

Exposed data contained 6 million records of subscribers who called the phone giant’s Verizon’s customer services in the past six months and the leaked data was downloaded by anyone by easy guess web address.

An indicator of this attack was repository’s subdomain, “Verizon-sftp,” and Folders were titled from “Jan-2017” through “June-2017,” and each folder contained folders for each day of the month.

The “verizon-sftp” repository (Soruce: UpGaurd)

Each Folder Contains directories of each and every days of the month and each day’s folder contains the compressed files.

According to UpGuard , Once unzipped, the contents of these daily logging folders are revealed to be sizable text files, some as large as 23 GB and the text Files contains composed of voice recognition log files, the records of an individual’s call to a customer support line, including fields like “TimeInQueue” and “TransferToAgent.”

“Other fields and their answers, such as “CallCenterPassword,” indicate which account-holders have requested a higher standard of security for customer service calls to change account settings, allowing any potential scammers in possession of the logs to determine which customers would be easier to victimize.”

Nice Systems Unprotected  cloud server also contained data from French mobile telco Orange S.A. but unlike Verizon ,those data not as sensitive as the data stored in the Verizon directory.

UpGuard spoke person Dan O’Sullivan said, exposed PIN codes is a concern because it allows scammers to access someone’s phone service if they convince a customer service agent they’re the account holder.

Also Read   Massive WWE Data Breach Over 3 Million Fans Records Exposed

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting...

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue...