Cybersecurity firm UpGuard uncovered an issue with Verizon's security settings, which exposed over six million users' phone numbers, full names, and select PIN codes online. Verizon later confirmed the security breach, saying that it it was due to "human error" associated with a cloud server.
Though the company acknowledged the data breach, it told CNN Tech that "no loss or theft of customer information occurred." CNN explains that UpGuard discovered the leaked data on June 13 and that Verizon had closed the security hole by June 22. The situation was traced back to NICE Systems, a company based in Israel that Verizon had collaborated with for customer service calls.
The PIN codes that were leaked aren't related to banking, however: They're personal security codes that customers use when they're contacting customer service representatives, so there's no need to worry about financial hacks. The leak does allow hackers to pose as Verizon customers, though, which could have been problematic if specific phone numbers were associated with their respective PINs.
"A scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking," Dan O'Sullivan, a cyber resilience analyst at UpGuard told CNN. "Or they could cut off access to the real account holder."
O'Sullivan added that Verizon customers should change their PINs, ensuring that they don't repeat one that they've used before.
According to CNN, NICE Systems did not properly set up an Amazon S3 storage server, which is a very common tool used by companies that deal with cloud storage. By default, the servers are set to be private, but security can be flipped to public, giving access to anyone with a direct link. O'Sullivan explained that the security settings were probably changed by accident.
Read These Stories Next: