The security issues was caused by a misconfigured security setting on a cloud server due to “human error,” CNN notes. The result? Customer numbers, names, and some PINs were publicly available on the Internet. Verizon told CNN there has been no loss or theft of customer information.
The issue was first discovered from the cybersecurity firm UpGuard, according to the ZDNet report. UpGuard declined to say how the leaked data was discovered.
Chris Vickery is the researcher at UpGuard who first discovered the leak. Vickery told CNN that the data were exposed by NICE Systems, a company based in Israel that Verizon was working with to facilitate customer service calls. According to ZDNet, NICE security measures were not set up properly because it made a security setting public on an Amazon S3 storage server, instead of making it private. This means that the Verizon data stored in the cloud was visible to anyone who had the public link for a short period of time.
The data was collected over the last six months. Vickery alerted Verizon to the leak, according to ZDNet, but it took over a week for the security hole to be closed.
In response to the leak, Dan O’Sullivan, a Cyber Resilience Analyst with UpGuard, advised that Verizon customers change their PIN codes to protect themselves from scammers. And one Democratic congressman told ZDNet the breach was “highly troubling.”