If you use Verizon, change your pin. Right. Now

Friday, 14 Jul, 2017

U.S. telecommunications giant Verizon has confirmed that the details of six million customers were exposed online by a third-party vendor, less than 24 hours after cybersecurity firm UpGuard published the claim that the scope of the incident was much larger. Personal details of these customers exposed on the Internet by NICE Systems.

"There is no difference between cyber-risk for an enterprise and cyber-risk for a third-party vendor of that enterprise".

If you're a Verizon customer, you need to change your PIN - the personal identification number you use when contacting customer service - right now. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon. So, it had access to collect call details of users. The records go back six months, so only customers who called customer service had their account information compromised.

The data was found by a security researcher on an unprotected Amazon S3 storage server, which was controlled by an employee of Nice Systems. This, as you may have already guessed, means that anyone with the URL could have downloaded this data, which is becoming a worrying trend.

While this sounds good, Chris Vickery says that Verizon may not be the only telecom company affected due to this oversight.

Lieu's letter to Judiciary Chairman Robert Goodlatte (R-Va.) states that the data reportedly contained information on USA intelligence officials. The data was in the.zip format and it was around of 23GB. UpGuard initially estimated that the data of 14 million customers had been exposed, but Verizon has since said that the number is closer to 6 million.

Vickery is not a new name in the security industry.

But much of the damage has already been done, and the worst part is that nobody knows who managed to get their hands on the data before the breach was closed. He also exposed database linked to River City Media (RCM) containing almost 1.4 Billion user records.

Considering it's been behind several high-profile data leaks over the last few months, including major political parties, you'd think that by now, major companies would be checking and securing their off-site servers they maintain with Amazon. As of now there's no evidence that anyone other than Vickery has had access to this data.