Names, phone numbers and other information of millions of customers of Verizon were made available on a publicly accessible storage area owned by one of the company’s vendors, according to an enterprise security software company that discovered the exposed data.
The data repository “was totally publicly accessible, anyone entering a URL in a browser would have been able to access it,” said Dan O’Sullivan, cyber-resilience analyst with UpGuard, the Mountain View, Calif. company that found the data.
Exposed were text files logging calls made to Verizon call centers between Jan. 1, 2017 and June 22, O’Sullivan said. In most cases, the logs included the names, phone numbers and addresses of Verizon subscribers. In some cases, account PINs used to verify callers’ identities were also exposed, O’Sullivan said.
The storage area belonged to Nice Systems, a Verizon vendor which does business related to call-center management. UpGuard informed Verizon of its findings on June 13, O’Sullivan said. A week later, access was shut off.
After the technology news website ZDNet published a story about the episode Wednesday, Verizon issued a press release apologizing to its customers.
The phone giant confirmed that its customers’ information — including their cell phone numbers and PINs in some cases — had been incorrectly placed in an insecure cloud storage area.
None of the exposed information had been lost or stolen, the company said.
Verizon spokesman David Samberg said that 6 million unique customer accounts were exposed — a smaller number than the 14 million estimated by UpGuard. Verizon was still investigating the problem when the story broke, he said.
Verizon said a “limited amount of personal information” had been left open to external access, as well as additional information that “had no external value.”
The episode prompted U.S. Rep. Ted Lieu (D-Torrance) to request a Judiciary Committee hearing, said Lieu’s chief of staff Marc…