Washington - Verizon confirmed this week that
data belonging to 6 million customers was leaked online in June. News of the
incident was first reported by ZDNet.
In a statement on the
company's website, Verizon said the leak was caused by an employee of one of
the company's vendors who accidentally allowed external access to information
put in a cloud storage area
ZDNet reported that the data
was leaked on an unprotected Amazon S3 storage server. This made the data
available to anyone who had the public link to the cloud. (Amazon chief
executive Jeffrey Bezos also owns The Washington Post.)
Amazon didn't respond to a
request for comment.
A limited amount of personal
information, such as some phone numbers and PINs, were included in the data,
but it didn't include Social Security numbers or voice recordings, Verizon
said. The PIN numbers are used to authenticate a caller phoning into the
wireline call centre and can't be used to access customer accounts online, the
statement said.
No customer information was
lost or stolen, because the storage area was accessible only to Verizon; the
vendor, Israel-based NICE Systems; and the researcher who flagged the leak,
according to the statement.
That researcher was Chris
Vickery, who worked for the cybersecurity firm UpGuard. Vickery also discovered
earlier this year that some information of nearly 200 million voters was
exposed by a data firm working for Republican Party clients. That information
was also on an Amazon server.
According to CNN, Vickery
privately alerted Verizon to the issue on June 13. The security hole was sealed
June 22.
Read also: Verizon's profit sinks as it loses wireless subscribers
Although Verizon said that
the PINs alone can't help access online accounts, Hemu Nigam, a cybersecurity
analyst at SSP Blue, said he would still advise customers to change their PINs
because they could give people access to other accounts they use.
"The unfortunate part
is if you use that PIN, you're probably using a similar PIN for other
situations, so once I have that I can test that PIN on other things," he
said. "Verizon's relationship with the customer is not at risk, but the
customer is now at risk in other aspects of their lives."