Considering it’s been behind several high-profile data leaks over the last few months, including major political parties, you’d think that by now, major companies would be checking and securing their off-site servers they maintain with Amazon. But, yet again, it turns out that a major company has failed to protect customer data, and this time it’s Verizon.
CNN is reporting that a third-party customer service company accidentally left the information of 6 million Verizon customers public. Once again, the problem was a setting on an Amazon S3 server that was set to “public.” Despite the fact that Amazon S3 servers don’t show up on Google, it’s easy to track them down and browse them. The data includes names, phone numbers, and account PIN codes for the customers. The account PIN is a particularly worrying leak since many hackers use PINs and social engineering to get around two-factor authentication, a method of protecting bank accounts and other personal materials.
So, if you have a Verizon account, and you’ve contacted their customer service within the last six months, play it safe and change your account PIN. Remember to ensure it’s not a PIN you have elsewhere and that it’s not something that can easily be guessed by somebody who follows you on social media. And, while you’re at it, ask Verizon to do a little more about security.
UPDATE: Verizon has responded to the breach by saying no information was stolen.
We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information.